Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

Swekey2

What is it?

The Swekey USB Token is a low-cost USB device with a unique signature.
It contains a 32 bit unique hashcode and some software for generating
authentication code sequences based on a random token and the hashcode
on the USB Token itself.
This module integrates the Swekey Token into the Drupal user module, adding
a third level of protection on top of the username and password.

Why should I use it?

If your website or web application needs extra protection, or your users
think they need it ;-)

Why not use the original module from Musbe, the creators of the Swekey?

Several reasons. First, the original module does not integrate well with the
session handler. It assumes we are all using the file method, storing the
session data on disk. Problems also arise for clustered file servers because
of this.
Second, the Swekey system uses external authentication servers. That's OK, but
one of them is used for generating a random token. Drupal really doesn't need
that because we already have a unique token by way of the unique form-id.
Finally, for checking purposes the hashcode from the Token is sent to
the authentication server unencrypted. The servers from Musbe are simple
HTTP servers.

Why use this module?

It is not dependent on any external server. It leverages the full Drupal API.

privat 24 api

🇺🇦

This module is maintained by Ukrainian developers.

Auditing

Auditing is a module that adds a permission to Drupal. Roles with that permission are no longer able to submit forms and therefore are only able to see content.

Menu token protect (CSRF protection)

Automatically adds a drupal_get_token query string parameter to any menu links that correspond to a menu router item that has 'token' => TRUE in its hook_menu() definition. This helps protect those links against CSRF attack requests.

Protection support for core menu callbacks

By default this module adds token CSRF protection for the following core menu callbacks:

user/logout

Which in turn ensures any menu links are output as:

user/logout?token=hash-string-here

And the token is checked using hook_menu_site_status_alter().

Usage

function mymodule_menu() {
  $items['mymodule/path'] = array(
    'title' => 'Sample dangerous callback',
    'description' => 'A sample menu callback that should be protected from CSRF attacks using tokens.',
    'page callback' => 'mymodule_dangerous_callback',
    'access arguments' => array('administer mymodule'),
    'token' => TRUE, // Add this to automatically have this path protected.
  );
  return $items;
}

Member Only Content App

This is an App wrapper around the Member Only Content module. It was created during the code sprint at BADCamp 2011.
