[support] Security and Drupal
Steve Kessler
skessler at denverdataman.com
Sun Jan 9 16:02:24 UTC 2011
You may also want to look at http://drupal.org/project/securepages
On Jan 9, 2011 1:36 AM, "Austin Einter" <austin.einter at gmail.com> wrote:
> Hi All
> I just made a site using Drupal6.2 and in front page I have kept "user
> login" block. I hosted this site using some third party web server.
>
> I tried to login to new site from my PC using my user name and password
and
> prior to that I was capturing the packets those were being send/received
by
> my PC.
> By checking few packets content I could figure out the user name and
> password in plain text.
>
> So it looks others can see these packets and get the administrative user
> name and corresponding password and hence can modify site content and it
is
> really dangerous.
> I assume people must have thought of it and there should be some way to
make
> sure username and password should be encrypted by default hence avoidimg
> third party role in site content modification.
>
> Please guide in this regard and provide some pointers how can I make
> username/password secure while logging in sites based on Drupal.
>
> Regards
> Austin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20110109/9e3d3a45/attachment.html
More information about the support
mailing list