This module encrypts the user's password when they type it in during
login, so a 3rd party up to no good can't see the user's plain text
password (as is currently the case with Drupal logins).
Encryption is accomplished by replacing what the user enters for their password with a uniquely-salted MD5 hash of the MD5 hash of what they typed (so it is 2-layers deep). If the user does not have JavaScript enabled, then the default Drupal behavior (no hashing) still works.
Of course, this is no substitute for an SSL certificate on your server, as that would protect all form submissions, as well as prevent other types of attacks. This module is intended for those who desire password security, but either cannot afford a certificate, or only need basic protection from hackers during login.
Read More...
www.drupal.org
Encryption is accomplished by replacing what the user enters for their password with a uniquely-salted MD5 hash of the MD5 hash of what they typed (so it is 2-layers deep). If the user does not have JavaScript enabled, then the default Drupal behavior (no hashing) still works.
Of course, this is no substitute for an SSL certificate on your server, as that would protect all form submissions, as well as prevent other types of attacks. This module is intended for those who desire password security, but either cannot afford a certificate, or only need basic protection from hackers during login.
Read More...
www.drupal.org
No comments:
Post a Comment