Our tech blog is in English, so the whole world can enjoy the drill :)

We've all heard or been given advice about safety in Drupal sites: building safe queries and filtering whatever input your environment receives. There are many contributed modules that help ensure your environment is safe. Many of these modules stay hidden from "normal" Drupal users. That's why I've decided to write a blog post about these modules: what they do and when you should use them.

Depending on the site you're building, you might have to implement a user sign-in / register page. This could be the Drupal default or a custom form. There are a few aspects to be considered for forms like these.

The first problem can be countered by forcing SSL or by using the Secure pages module for Drupal. The first option is the easiest to implement and requires no module.

RewriteRule ^(.*)$

The Secure pages module allows an administrator to use SSL on specific pages, forms or user roles.

The second problem is related to the "normal" users. They tend to choose an easy password because it is easy to memorize. This does, however, make the password easy to crack. To counter the password strength problem you can use the Password policy module. This module allows an administrator to create policies for passwords. The policies can contain the following settings:

- Expiration time, the time a password remains valid.
- Constraints, the requirements for a password such as the number of characters / digits, the history of passwords and whether or not your username may be contained in the password.
- Whether or not a user is blocked after his / her password has expired.

Even if a user creates a strong password, it may be cracked using a brute-force attack. This method is often used to try cracking weak passwords by trying all combinations. This can easily be countered using flood control. By default Drupal blocks an IP for 6 hours after 5 unsuccessful tries. This block can, however, be circumvented by changing your IP. The Flood control module allows an admin to alter these default settings. It has the following options:

For these options the limit and the timeframe can be set.

The last security issue for user data is a bit trickier. A malicious site may place your site in an iframe. The user thinks he / she is visiting your site and logs in through the iframe. The malicious site only needs to store the keystrokes in order to obtain the username and password for an account. To prevent such behavior you can implement the Security kit (or SecKit) module. This module prevents a number of these security leaks:

Security issues are not limited to user data; sometimes a user account can be compromised because the user did not log out. A random person or colleague can then use that account to do their dirty work. Logging a user out after a set amount of time can prevent this. The Auto-logout module takes care of this issue. It allows administrators to set an amount of time after which logout is enforced, and they can even display a message to users right before their session expires.

This same issue can occur within the time limit of the auto-logout when a user logs in on a different computer. To prevent multiple sessions you can add the Session limit module. This module can prevent the creation of new sessions until the old session is closed, or close the previous session when a user creates a new one.

The last module I'd like to mention is the Nagios module. This module integrates a site into the Nagios monitoring application. The module then reports to the Nagios application whether there are updates for the core or contributed modules, whether the site configurations are set up correctly, and many other security-related settings.

Passwords are little gatekeepers that take care of securing a website's user accounts. Considering their mission, they certainly need to be strong.
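
The flood-control behaviour described above (5 failed tries, a 6-hour window, and the caveat that a per-IP block is sidestepped by changing IP), as an added Python example that is not Drupal's or the Flood control module's code. The per-account counter, the class and function names, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

SIX_HOURS = 6 * 60 * 60  # window from the text, in seconds


class FloodControl:
    """Sliding-window limiter for failed logins (hypothetical helper)."""

    def __init__(self, ip_limit=5, user_limit=5, window=SIX_HOURS):
        # ip_limit=5 and the 6-hour window are the figures quoted in the text.
        # user_limit is an assumed per-account limit; None disables it.
        self.ip_limit, self.user_limit, self.window = ip_limit, user_limit, window
        self._failures = defaultdict(deque)  # key -> timestamps of failures

    def _count(self, key, now):
        q = self._failures[key]
        while q and q[0] <= now - self.window:  # drop expired failures
            q.popleft()
        return len(q)

    def is_allowed(self, ip, user, now):
        if self._count(("ip", ip), now) >= self.ip_limit:
            return False
        if self.user_limit is not None:
            return self._count(("user", user), now) < self.user_limit
        return True

    def register_failure(self, ip, user, now):
        self._failures[("ip", ip)].append(now)
        self._failures[("user", user)].append(now)


def replay(fc, attempts):
    """Feed (time, ip, user) failed attempts; return the allow/deny decisions."""
    decisions = []
    for now, ip, user in attempts:
        ok = fc.is_allowed(ip, user, now)
        decisions.append(ok)
        if ok:
            fc.register_failure(ip, user, now)  # every sample attempt fails
    return decisions


# Constructed sample: 6 tries from one address, then a 7th from a new one.
ATTEMPTS = [(t, "203.0.113.10", "alice") for t in range(6)]
ATTEMPTS.append((10, "198.51.100.7", "alice"))

if __name__ == "__main__":
    print("per-IP only     :", replay(FloodControl(user_limit=None), ATTEMPTS))
    print("per-IP + account:", replay(FloodControl(), ATTEMPTS))
```

With only the per-IP counter the seventh attempt is accepted from the new address; with the per-account counter it is refused until the window expires.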