Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The initial password "cyan" is weak and easily exploited if the regular drupal auth is also enabled.
This patch sets the password to a unique random string.
Comment | File | Size | Author |
---|---|---|---|
webserver_auth.module.initial_password.patch | 1.27 KB | barry_johnson |
Comments
Comment #1
moshe weitzman CreditAttribution: moshe weitzman commentedany reason we should not use user_password() like user.module does?
Comment #2
barry_johnson CreditAttribution: barry_johnson commentedNone at all. I'm just a newbie to drupal and didn't realize it existed :-)
Comment #3
gaards CreditAttribution: gaards commentedThis code snippet is not present in the current supported version (7.x) of Webserver authentication. I'm closing this issue.