Contributed modules for Securing your Site

Among the thousands of modules on drupal.org there are over 100 in the security category. Unfortunately, some of those are abandoned or inaccurately tagged. We've looked at every module and compiled this resource to help you understand the security-related community modules available. Not all modules provide security exactly; some are about hardening your site against weaknesses and others are about monitoring and reporting abuses.

This list will stay up-to-date as new modules are added and we will be expanding it for usefulness and to include our assessment of each module's capabilities.


This article is now part of the Knowledge Base of Drupal security articles on Drupal Scout.


This page is kept so the comments posted here are available since they provide additional help and insights.

Comments

Password change confirmation

Password change confirmation module:
http://drupal.org/project/password_change

Forces you to enter your current password when editing your user account page (user/your-uid/edit/*). Helps prevent any kind of XSS admin account attack.

Thanks Dave, great catch! I

Thanks Dave, great catch! I hope to spend some time trying to get http://drupal.org/node/86299 into core because of exactly what you say: it helps prevent an XSS attack changing the uid 1 password.
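
The check discussed in the two comments above, as an added example; it is not code from the Password change confirmation module or from Drupal. It goes slightly beyond the comments by also guarding the e-mail address, since password reset links are sent there. The form field names, the Account class and the PBKDF2 parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor, an assumption for this example

def hash_password(password, salt=None):
    """Return (salt, digest) for storage; the plain password is never kept."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

class Account:
    def __init__(self, name, mail, password):
        self.name, self.mail, self.signature = name, mail, ""
        self.salt, self.digest = hash_password(password)

def handle_account_edit(account, form):
    """Apply an edit form from an authenticated session; hypothetical field names."""
    new_pass = form.get("pass")
    new_mail = form.get("mail", account.mail)
    if new_pass or new_mail != account.mail:
        # A valid session is not enough here: script injected into the
        # admin's browser can submit this form, but does not know the password.
        current = form.get("current_pass", "")
        if not verify_password(current, account.salt, account.digest):
            return False, "current password required"
    if new_pass:
        account.salt, account.digest = hash_password(new_pass)
    account.mail = new_mail
    account.signature = form.get("signature", account.signature)
    return True, "saved"

def demo():
    admin = Account("admin", "admin@example.org", "correct horse")  # constructed data
    forged = handle_account_edit(admin, {"pass": "injected-value"})
    genuine = handle_account_edit(
        admin, {"pass": "new secret", "current_pass": "correct horse"})
    harmless = handle_account_edit(admin, {"signature": "hello"})
    return forged, genuine, harmless, verify_password("new secret", admin.salt, admin.digest)
```

The check limits what a hijacked session can do to the credentials; it does not replace fixing the XSS itself.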

Encryption of database

A recommended best practice for Data Security in the context of EU Data Protection law compliance is that sensitive data (e.g. information about medical conditions, political beliefs etc.) should be encrypted in databases. So basically data input on forms needs to (ideally) be stored in an encrypted form within the database.

This basically mitigates the risk to the data owner (the site owner) of personal data being disclosed if their database is compromised (e.g. an attack on a shared hosting environment or any other attack vector which allows a data export to be run on the database).

Any suggestions for modules which might support this kind of requirement?

Encrypt Submissions appears to meet the requirement (based on my reading) but I'd appreciate an insight on any other modules that might exist to meet this kind of requirement.

I don't know of any modules

I don't know of any modules that do that.

The closest I know is Creating a Sanitized Database which will help when sharing the database with developers or other folks.