Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.This project is not covered by Drupal’s security advisory policy.
PLEASE NOTE:
This module is no longer recommended for use on any Drupal site! Please consider either using SSL, or OpenID for a more secure login mechanism. If you are dead set on using CRAM, please read the following very carefully:
CRAM is a Drupal module that implements the Challenge-Response Authentication Mechanism as a replacement for the default login process. This allows for users to log into a non-SSL site somewhat securely. An algorithm called CRAM-MD5 (http://en.wikipedia.org/wiki/CRAM-MD5) is used to ensure that the user's password is never sent over the wire.
HOWEVER, this does NOT mean that your login session is secure. It is still very possible for someone to steal your session ID, giving them complete access to your account. There are various other attacks that can be employed against CRAM as well. Please be absolutely sure you understand this before installing.
CRAM requires Paj's excellent javascript MD5 library, available at http://pajhome.org.uk/crypt/md5/index.html (a link to the latest MD5.js is included in the README.txt).
Code can be checked out from the CVS repository.
Project information
Obsolete
Use of this project is deprecated.- Created by selmanj on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
