Security

The Mixed Session module enables mixed HTTP(S) sessions for a site, securely and without loss of session data. The phrase "mixed sessions" refers to providing, with respect to a user visiting a site, some content over an insecure (HTTP) connection and other content over a secure (HTTPS) connection. For example, a shopping site may prefer to display product content in insecure mode (HTTP) while being able to protect sensitive content (e.g credit card details and authenticated user account information) using secure mode (HTTPS). The use of mixed sessions adds complications such as preserving session data (e.g. a cart ID) across session mode and protecting against session hijacking (with tools such as Firesheep). This module addresses both concerns.

The Mixed Session module protects against session hijacking by regenerating session IDs on step up and step down (i.e. switching between HTTP and HTTPS), providing a configuration switch to stay secure once having entered secure mode, and exposing more built-in, configurable redirect rules. This module also declares two API hooks through which a developer can incorporate more complex redirect rules. Protection applies to anonymous and authenticated users.

How is this different from...

State is a session module, which aims to secure more reliable session timeout.

This project

This is a sandbox project for allowing mobile tools and secure pages to work together.

It simply avoids storing the URL configuration to the database, so it can be set via settings.php . (securepages_basepath, securepages_basepath_ssl, mobile_tools_mobile_url, mobile_tools_desktop_url.

Config (D6)

The problem and solution is documented in a blogpost of mine, and shortyl described in the README.txt and INSTALL.txt .

An evolution of the current ClamAV project, this module looks to be a more generic solution to allow integration with a number of different anti-virus tools and providers.

Supported Antivirus Tools

• Clam AntiVirus

Integration with Other Modules

• Media 7.x-2.x (specifically File Entity 7.x-2.x)
• Rules

This is a simple module which forces all your site's webforms and webform submission results to be automatically viewed and submitted entirely via SSL (i.e., at a URL beginning with https://).

It is useful if you are using the Webform module to collect information from your visitors and you want those submissions to be dealt with securely (e.g., for privacy reasons).

Requirements

The Secure Pages module is required. You must also set up your site and server so as to correctly support SSL. See the README.txt that ships with this module for additional details.

To create the actual webforms which this module will secure, you also need the Webform module.

Caveats

Although this module should work well in most scenarios (and with standard uses of the Webform module), be warned that it cannot deal with all possible customizations you may have made on your site and all possible places where webform submission results can theoretically be viewed.

For example:

This project was created in response to the Production check & Production monitor project (http://drupal.org/project/prod_check) test concerning the /nope page being enabled in Drupal's menu system

See: #1033574: Check if /node is accessible

No further development.
Use this as-is or as an example for creating your own module.