I know I should have thought about this before, but how do I secure the login and registration to my site?

Do I have to move it all over to HTTPS? Or can I do something else to secure it?

Comments

CAZephyr’s picture

I guess that depends on what you mean by securing things.

The default drupal install will provide reasonable security for things like registration and login. If you would like higher security you can try a number of security related modules.
When drupal 7 comes out it will by default have options for significantly higher security than what is currently available for drupal 6.

Let me also point you to a recent article on the drupal home page:
Cracking Drupal - Drupal Security book, talks, and review service
If you want to do something to secure your site you should definitely check it out.

akeimou’s picture

default drupal install will provide reasonable security for things like registration and login.

what's included in "reasonable security"? for most of our drupal sites we've been using SSL just for the login page. do you mean that we can actually remove our SSL setup on those sites and we're still covered?

matt2000’s picture

Sounds like maybe you want to allow self-registration, but only for certain people? If so, you might want to try this module:

http://drupal.org/project/regcode

Otherwise if you want to only create accounts for other people yourself and disallow self registration, just visit Administer >> User Management >> User Settings and you'll see the option.

-Matt