[development] Security and Drupal

Austin Einter austin.einter at gmail.com
Sun Jan 9 08:36:06 UTC 2011


Hi All
I just made a site using Drupal6.2 and on the front page I have kept the "user
login" block. I hosted this site using some third party web server.

I tried to log in to the new site from my PC using my user name and password, and
prior to that I was capturing the packets that were being sent/received by
my PC.
By checking a few packets' content I could figure out the user name and
password in plain text.

So it looks like others can see these packets and get the administrative user
name and corresponding password and hence can modify site content, and it is
really dangerous.
I assume people must have thought of it and there should be some way to make
sure username and password should be encrypted by default, hence avoiding
third party role in site content modification.

Please guide in this regard and provide some pointers on how I can make
username/password secure while logging in to sites based on Drupal.

Regards
Austin