Security

Poured by the massive spammers attack? Your comment approval queue is overloaded with thousands of spamming comments? Kill them, simply delete all your comments approval queue with spam killer.

Port sandbox to D7

Shared Secret API provides a mechanism for verifying that a token was generated by a trusted partner using a simple shared secret method.

Generates and validates tokens based on a shared secret (that is, a secret string known by both the website with this module and whoever you trust). In many cases, the entity that you trust is the website with this module - or your site.

Most commonly, it will be used to verify that a link was generated by a trusted entity.

The only current built-in validation is via URL parameters. Given params "s" and "t" this module can verify that the generating party is privy of the shared secret.

Users must define how long each secret hash/timestamp combination is valid.

By default, the shared secret is the site's hash salt. If you are using this module with third parties or clients, you can opt to define a custom shared secret which is stored in the database. There is a plan and path to allow users to store the secret in a separate file outside of we docroot, but this has not yet been implemented.

This is a dead-simple module that ensures that Drupal always returns a 404 "Not Found" error instead of returning a 403 "Access Denied" error.

Why would you need this?

Say you want users of your site to be able to upload and download documents, but you also want these documents to be protected in case someone breaks into your server. This module allows Drupal to encrypt files that users upload and decrypt files for download, keeping the unencrypted versions of files from ever being stored on disk. It does this by creating a custom file stream wrapper that Drupal can read from and write to and a new download method that sits alongside the regular public and private methods. So you can make Encrypted Files the default download method, or only use it as the download method for specific file-type fields.

Use http://api.yandex.ru/cleanweb for check spam.