[support] Security and Drupal

Leonard den Ottolander.nl drupal at den.ottolander.nl
Sun Jan 9 23:01:43 UTC 2011


Hello Austin,

On Sun, 2011-01-09 at 14:06 +0530, Austin Einter wrote:
> By checking a few packets' content I could figure out the user name and
> password in plain text.

This is an issue with *any* web application that connects over http. If
this is a concern you should set up your webserver to use SSL (https)
for such connections.

That said, personally I feel users choosing poor passwords is a much
greater concern than someone being able to sniff those passwords on the
internet. For the average bad guy, sniffing traffic on the internet
requires much more effort than running a script that brute forces (weak)
passwords.

You might want to look into the User Protect module. You can use this
module to block users from changing their passwords.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research



