Security

The salt module allows for Drupal passwords to be 'salted' - an internal string is appended to the password prior to storage - making them less prone to dictionary attacks, rainbow tables and the like.

This module currently stores the salted password in the database. Consequently, disabling this module or changing the salt at any time will require users with salted passwords to recover their passwords.

The password_reset module allows for passwords to be reset without involving e-mail addresses through the use of security questions. This module would typically be used on sites that do not require users to enter their e-mail addresses or prefer not having to deal with spam folder issues etc.

This module supports the following features:

Password Strength module provides realistic password strength measurement and server-side enforcement for Drupal sites using pattern-matching and entropy calculation. Almost any type of password can be allowed so long as the password proves to be of high enough entropy. For inspiration see the XKCD comic on password strength.

Single Login is a session management system for Drupal. It allows the site administrator to create a policy to detect, and prevent, duplicate logins on the same account. This is obviously handy for a site that requires paid subscriptions. Once a duplicate login is detected from a different system, the first login gets logged out. The admin can set a policy that determines how often and within what time period a session can "ping pong" between machines. Should the policy conditions be met, the admin can specify an action,typically to block the offending account.

AntiSpam Protect Web Form Captcha Plug-in for Drupal
supports English, German, French, Spanish, Russian localization.
Customize your CAPTCHA with desired colors and fonts. Chose among many image types.
Add reload button and audio support.

This module stores password hashes securely.

The default password hashes in Drupal 6 (and before) are rather insecure. MD5 is easy to crack, should an attacker find a database dump or gain access to your database. This module implements secure password hashes using the phpass password hashing method - multiple rounds of hashing and salting that make reversing the hash significantly more difficult to break by brute-force attack. This is the same approach that is used for Drupal 7.

MimeDetect provides a complete system for detecting the actual content of files in your Drupal site.

By default, Drupal provides a "guessing" system based on the filename extension. This is very weak and your site could store files with real content different from the one indicated by its extension.

MimeDetect provides detection on two levels:

This module allows users to log into your site securely without usernames and passwords. It uses digital/identity certificates users have imported into their browsers as part of a public key infrastructure (PKI). The certificates can be generated by Drupal's PKI Registration Authority module or any other registration authority (RA) / certification authority (CA).

When a Drupal page is accessed via HTTPS the module checks for certain environmental variables that contain the user's unique information, such as an email address. Depending on the settings it then logs the user in or, if enabled, creates a new account.

Role watchdog automatically logs all role changes made through the user profile or the User List in its own table. A record of these changes is shown in a Role history tab on each user's page. Role watchdog can optionally monitor one or more specific roles for changes and notify members of selected roles via email whenever a change occurs.

This module "hijacks" the delete button from the delete confirmation form and unpublishes nodes instead of deleting them. Nodes can be truly deleted
at admin/content/node or by logging in as the first user on the system (aka UID 1). To do delete from admin/content/node, select nodes you want to delete and in "Update options" choose "delete".