This is standard website stuff. If you want to make your passwords secure, use an SSL certificate.
http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions-https Googling will get you plenty more results. On 09/01/2011, at 8:23 PM, FGM wrote: > You can configure your site to use https on pages where you want to login; > that way the auth information does not cross the net in clear form. It takes > some planning to do correctly, though, especially if you don't want the whole > site to be accessed over S-HTTP, for performance reasons. > > ----- Original Message ----- From: "Austin Einter" <austin.ein...@gmail.com> > To: <development@drupal.org>; <supp...@drupal.org> > Sent: Sunday, January 09, 2011 9:36 AM > Subject: [development] Security and Drupal > > > Hi All > I just made a site using Drupal6.2 and in front page I have kept "user login" > block. I hosted this site using some third party web server. > > I tried to login to new site from my PC using my user name and password and > prior to that I was capturing the packets those were being send/received by > my PC. > By checking few packets content I could figure out the user name and password > in plain text. > > So it looks others can see these packets and get the administrative user name > and corresponding password and hence can modify site content and it is really > dangerous. > I assume people must have thought of it and there should be some way to make > sure username and password should be encrypted by default hence avoidimg > third party role in site content modification. > > Please guide in this regard and provide some pointers how can I make > username/password secure while logging in sites based on Drupal. > > Regards > Austin > > >
