Security

This module restricts Drupal features to certain IP addresses or IP address ranges. It can restrict logins and/or role acccess.

This module "hijacks" the delete button from the delete confirmation form and unpublishes nodes instead of deleting them. Nodes can be truly deleted

Role watchdog automatically logs all role changes made through the user profile or the User List in its own table. A record of these changes is shown in a Role history tab on each user's page. Role watchdog can optionally monitor one or more specific roles for changes and notify members of selected roles via email whenever a change occurs.

MimeDetect provides a complete system for detecting the actual contents of files in your Drupal site. A file upload validator is also included for protection against mismatches between filename extension and its real content.

This module allows users to log into your site securely without usernames and passwords. It uses digital/identity certificates users have imported into their browsers as part of a public key infrastructure (PKI). The certificates can be generated by Drupal's PKI Registration Authority module or any other registration authority (RA) / certification authority (CA).

When a Drupal page is accessed via HTTPS the module checks for certain environmental variables that contain the user's unique information, such as an email address. Depending on the settings it then logs the user in or, if enabled, creates a new account.

This module stores password hashes securely.

The default password hashes in Drupal 6 (and before) are rather insecure. MD5 is easy to crack, should an attacker find a database dump or gain access to your database. This module implements secure password hashes using the phpass password hashing method