Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
All pages taking in a username/password that could be an ACS account should go through an ssl (https) connection. Otherwise we are opening up their username/password to be sniffed. This could lead to personal information in ACS being obtained by a 3rd party who shouldn't have it.
Comments
Comment #1
esbon CreditAttribution: esbon commentedI am concerned about the same thing, but don't these modules solve the problem? Secure Pages and Secure Pages Hijack Prevention. We use these modules on an e commerce site with ubercart and never had any problems.
mfer, would these 2 modules be enough? Any other suggestions to secure logins? Thanks for developing the module!