Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

ClamAV

ClamAV

Drupal integration with the ClamAV virus scanner.

This module will verify that files uploaded to a site are not infected with a virus, and prevent infected files from being saved.

NB: The module integrates with ClamAV, it does not provide an anti-virus scanner engine.

Categories: Actively maintained, Under active development, Integrations, Media, Security

Clear saved password field

clear_password_field.png

The Problem

As a Drupal developer, it's very likely that you have saved passwords for several of your websites. This makes it easier when coming back to it after a while. However, there are several situations where this is not desirable:

  • Whenever you try to edit any user account (including yours), your password is already populating one of the fields, even though the purpose of the field is to change it
  • Whenever you want to add a new user through the admin interface, not just your password, but also your username are now populating the fields of a soon-to-be different user

As a developer, you probably have learned to deal with it. But the truth is that this is a major problem when you are developing the website for someone else. Any other user that has permissions to administer user accounts will face the same problems. Unacceptable!

The Solution

What this module does is very simple: it clears the password.

Gone are the days of manually clearing that field whenever doing the slightest change to your account. User admins don't need to worry anymore about accidentally changing their users' passwords to that of their own.

Categories: Minimally maintained, Maintenance fixes only, Security, Access control

Password reset restrict

Enables a period of time to be set to throttle how often a password reminder email can be sent to each user.

Categories: Under active development, Security, Access control

CTools HTTP Header Plugins

This module defines context and access rules plugins for CTools (and Panels) based upon values of HTTP request header elements.

Categories: Minimally maintained, Maintenance fixes only, Administration tools, Access control, Security

Ban and Unpublish

Result of an action

Invaded by spammers? The Ban and Unpublish module makes it easier to clean up after registered spammers and other problem users by implementing a bulk operation. It finds and unpublishes their damage globally.

Categories: Actively maintained, Under active development, Security, Access control

Domain SSL

This module adds support for mixed use of SSL and non-SSL (http and https protocols) for the 6.x branch of Domain Access.

Currently, Domain Access allows you to specify per domain whether to use http or https, and if a domain source is configured, URLs throughout that site (including form actions and so forth) use that protocol. However, if your site mixes use of both protocols (say, with SSL to protect the user login page, admin pages, or authenticated sessions in general), Domain Access does not support that configuration.

For background information, see the original issue: #758714: Allow both http and https for a given domain?

Categories: Minimally maintained, No further development, Access control, Security

Pages

Subscribe with RSS Subscribe to RSS - Security