Security

I'm only starting a module to provide the option to configure privacy settings for fields that have relation with an user.

LAuth is a protocol to authenticate HTTP requests.

There are three actors in LAuth. A CLIENT needs to have access to a USER's resources on a SERVER.

The goal of LAuth is to enable servers to verify the identity of a client acting on behalf of a user without the user having to give to the client the secret he shares with the server.

What does this mean?

For example, let's say Alice have uploaded photos on photos.example.com, using a login name and a password that give her access to the whole range of services offered by photos.example.com.

Alice also have a Drupal site, drupal.example.com, on which she installed the ExampleAlbum module. Using ExampleAlbum, Alice can display the photos she uploaded on her account on photos.example.com. ExampleAlbum thus needs access to Alice's account on photos.example.com. However, for security reasons, Alice does not want to give her photos.example.com credentials to ExampleAlbum module.

Fortunately, ExampleAlbum and photos.example.com both support LAuth.

So Alice logs on photos.example.com and generates a new LAuth key. She then copies the key (a key identifier and a secret) on the configuration page of the ExampleAlbum module. The ExampleAlbum module will use this key to make signed requests to photos.example.com on behalf of Alice.

Menu Access Override provides a configuration option to menu items to allow them to be displayed regardless of a user's access rights.

For authenticated users, presents a disclaimer that must be acknowledged before the user can access site content.

Enables Craigslist-style "anonymization" of email addresses on node comments. An anonymous user can post their comment, enter their name and email, and choose to expose a "fake" email address that will route to their real email address.

Notes

This module doesn't work out of the box. Some mail server configuration is required. Details may be found in the README file.

This module was designed to work with a Google apps account that has IMAP turned =on. It has not been tested with other email providers, although we do not forsee any problem adapting it for other providers.

How it works

Generates random email addresses at a specified domain to mask the real email addresses of people who post content or comments on your website. These random email addresses are not actual accounts on your mail server; rather they are all sent to a "catch-all" address.

This script downloads mail from the catch-all account (using IMAP) and looks up the recipients against a database table that maps fake emails to real emails. If matches are found, the messages are forwarded to the appropriate destinations.

Instructions

1. Set up a Google apps account
2. Create an email account to act as a "catch-all" address. This will catch emails sent to the randomly-generated addresses created by this module.

The role_delay module enables the configuration of one or more user roles that all new users are automatically granted after a specified period of time from registration. A role delay of 0 (zero), will automatically assign that role to every user at creation time.

The new home of the previously abandoned Roledelay module.