- Jan 28, 2011
-
-
mark burdett authored
-
mark burdett authored
-
mark burdett authored
the password reset form creates an authenticated session, and therefore should be securable. also make password request and contact forms securable.
-
- Jan 07, 2011
-
-
mark burdett authored
-
- Jan 05, 2011
-
-
mark burdett authored
delete new setting in the drupal 6 branch on upgrade; make a high-security configuration the default.
-
- Dec 03, 2010
-
-
mark burdett authored
-
- Dec 02, 2010
-
-
mark burdett authored
-
- Nov 30, 2010
-
-
mark burdett authored
set secure base URL to NULL by default; this allows database dumps to be used at other URLs without modification as long as SSL is functional.
-
- Nov 04, 2010
-
-
mark burdett authored
remove the redirect feature. it requires mixed-mode sessions which are no longer supported in favor of truly "secure" login sessions.
-
mark burdett authored
register form may be a login form, depending on site configuration; also fix a bug in register form setting
-
mark burdett authored
Add a warning if $conf['https'] is TRUE; make it clear that some forms need to be secure for basic functionality to work
-
- Oct 31, 2010
-
-
mark burdett authored
-
- Oct 30, 2010
-
-
mark burdett authored
-
mark burdett authored
Add hook_url_outbound_alter() implementation to make it easier to generate secure URLs. Support core's $form['#https'] and $options['https'] for forms and URLs respectively.
-
- Oct 28, 2010
-
-
mark burdett authored
-
mark burdett authored
-