Specbee: Building Secure Drupal Websites with the Password Policy Module

1 week 4 days ago
Kiran Singh, 08 Jun, 2021

Website security is never (and should never be) an afterthought. A breached website costs not just revenue but also reputation. A secure website is one that has been developed with the different ways it could be broken into in mind.

For this, we must ensure that the security checklist is handled both before and after the launch of the site. One of the most important steps in securing a Drupal website is making certain that users have and maintain strong passwords. Out of the box, Drupal does not enforce a strong password policy. By default, you can choose to set easy (and weak) passwords. This behavior is not recommended, especially for users who have content administration and other higher-privilege permissions.

And that’s where the Drupal Password Policy module shines. It enables site admins to set strong password policies and enforce restrictions on a website. The Password Policy module is a contributed Drupal module that is compatible with Drupal 9 as well.

Installing the Password Policy Module

Step 1: Install the Password Policy module using composer or download from here.

$ composer require 'drupal/password_policy:^3.0@beta'

Note: Before installing the password policy module, make sure you have installed and enabled the Ctools module.

Step 2: Enable the downloaded module using drush or Drupal UI.

Through the Drupal UI, head to the module listing page. Under the Security tab, you will find the password policy module with submodules. Enable the first Password Policy module and then the submodules as per your requirement.

Configuration

To configure your recently installed and enabled Password policy module, go to Configuration → Security → Password Policy. Here you will add password policies for various roles with different constraints as per your requirement.

Now give a Policy name and set the Password reset days. If you don't want the password to expire, set the Password reset days to 0.

After this, you can add constraints and configure them through the Constraints settings tab. Note that the submodules you enabled in the Security section of the module listing will be listed in the Constraints dropdown.

Let’s work through an example for better understanding. I need to add a password policy for the author role that enforces the following: the password must contain at least 3 of these character types: lowercase letters, uppercase letters, digits, special characters; it must contain at least 1 special character; and it must be at least 8 characters long.

 

 

 

Once you have configured the above constraints, apply the policy to the author role.

Click on the Finish button to create your new password policy. You have now successfully created a password policy for the author role.
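To see which passwords the example author policy accepts and rejects, the three constraints can be mirrored in a short standalone script. This is an added example, not code from the article or from the Password Policy module; the function name, the definition of "special character" as anything outside a-z, A-Z and 0-9, and the sample passwords are assumptions made for illustration.

```php
<?php
// Added illustration only: mirrors the author-role policy described above.
// author_policy_violations() is a hypothetical helper, not a module API.

function author_policy_violations(string $password): array {
  $violations = [];

  // The four character types named in the policy. "Special" is assumed
  // here to mean any character that is not an ASCII letter or digit.
  $types = [
    'lowercase' => '/[a-z]/',
    'uppercase' => '/[A-Z]/',
    'digit'     => '/[0-9]/',
    'special'   => '/[^a-zA-Z0-9]/',
  ];

  // Record which character types occur at least once.
  $present = [];
  foreach ($types as $name => $pattern) {
    if (preg_match($pattern, $password) === 1) {
      $present[] = $name;
    }
  }

  // Constraint 1: at least 3 of the 4 character types.
  if (count($present) < 3) {
    $violations[] = 'needs at least 3 character types, has ' . count($present);
  }
  // Constraint 2: at least 1 special character.
  if (!in_array('special', $present, true)) {
    $violations[] = 'needs at least 1 special character';
  }
  // Constraint 3: at least 8 characters (mb_strlen needs the mbstring extension).
  if (mb_strlen($password, 'UTF-8') < 8) {
    $violations[] = 'needs at least 8 characters';
  }

  return $violations;
}

// Constructed sample passwords, chosen so each constraint fails at least once.
$samples = ['password', 'Password1', 'pass!1', 'Passw0rd!', 'author#2021'];
foreach ($samples as $sample) {
  $violations = author_policy_violations($sample);
  printf("%-12s %s\n", $sample,
    $violations ? 'REJECT: ' . implode('; ', $violations) : 'ACCEPT');
}
```

Only the last two samples pass all three constraints. "Password1" has three character types and enough length but is rejected for lacking a special character, which shows why the second constraint is configured separately from the first.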

As hackers and bots are getting more sophisticated and powerful, you cannot protect your website with just one layer of security. The best kind of security is the one with multiple security layers and one of the most important layers is the password protection policy layer. Drupal’s Password policy module offers tons of flexibility for admins to create various types of policies and enforce constraints. Drupal is widely known for the security it offers and Specbee is committed to leveraging the best security features provided by Drupal. Contact our Drupal experts to know how we can help you build more secure and robust digital experiences.


Danny Englander: Drupal 8 & 9 Theming: How to Render and format JSON Data With PHP and Twig Using the JSON Field Module

1 week 4 days ago

There's a neat little Drupal module called JSON Field and recently, I had a chance to play around with it. Out of the box, JSON field is just a plain field where JSON data can be input and output on a web page. On its own, the module does not do much beyond just printing the raw data formatted as JSON. However, I got to thinking it would be nice to nicely format the data with HTML. In this article, I will show you how I accomplished this with both a preprocess function and some custom code in Twig.

Getting started

First, you'll want a Drupal 8 or 9 instance running. In the root of your project, run:

composer require drupal/json_field

Note, if you get an error, you may need to append a version number, for example:

composer require drupal/json_field:1.0-rc4

Next, enable the module and create a new field on an entity, for example on a page content type. When I created my field, I chose the option, JSON stored as raw JSON in database.

Next, input some JSON data. For sample data, I like to use Mockaroo. (At a high level, I could envision using the Drupal Feeds module to import JSON data in bulk and mapping it to a JSON field but I have not tested this.)

[Image: An example of the Mockaroo interface showing mock data being generated]

Create a preprocess function

We are rendering this data in a node so I have a basic node preprocess function setup below with a sub-theme of Olivero called Oliver. Within this, we will leverage Xdebug to examine the data up close. We write this code in our theme's .theme file.

<?php

/**
 * @file
 * Functions to support theming in the Oliver theme.
 */

/**
 * Prepares variables for node templates.
 */
function oliver_preprocess_node(array &$vars) {
  // Custom ...

Apple iCloud: A cheat sheet

1 week 5 days ago
Apple's iCloud is a cloud file storage and services platform that provides users with secure ways to store and share files, find lost equipment and synchronize information across multiple devices.

Lucius Digital: How to limit the taxonomy terms in 'Exposed Drupal Views filters', to the tags that are used in included nodes, in multiple Views

1 week 5 days ago

Last month we implemented the 'Resources' page on iias.asia, as you can see: you can filter the Resource nodes on this page in the right of the screen. This is a Drupal View with exposed filters, which are placed via a block via Twig Tweak module.

There is a 'Region' Filter and a 'Tags' taxonomy reference field, which are also used in other content types. 

We only wanted to show used terms in the drop downs.

So, there are other pages (Views) that also implemented this tag as a filter (like the Alumni page). But of course: those pages have other content types, so 'used tags' are also different.

So here is how we limited the used tags per Drupal View; this article gave us a kickstart.

YOURMODULE.module:

Jacob Rockowitz: How are the Webform module's Open Collective funds being spent?

1 week 5 days ago

My last blog post thanked the collective's individual backers and supporting organizations for their financial support. Now I would like to break down how the collected funds were spent to tag the Webform module's latest release.

Tracking my time

To provide the most value to backers, I opted to track my time in five-minute increments in the hopes that the amount of work that goes into maintaining the Webform module can be better understood. Tracking these smaller increments also shows how solving a problem or providing support is a multistep process, which begins with triaging issues.

Triaging issues

Triaging the Webform module's issue queue has proven to be one of the most challenging tasks related to maintaining the Webform module. I have struggled with wrangling the issue queue, nudging people in the right direction, and now I am finally putting my foot down when I feel people are taking advantage of open source. Admittedly, I was getting burned out when dealing with people who did not appreciate the value of my open source work. Fortunately, I see now that many people value my open source work, and they want to see me compensated for my time.

The overall challenge to wrangling the Webform module's issue queue is that everyone has different levels of experience in Drupal. Organizations are trying to build unique and complex digital experiences. If you combine this with the fact that we are an international community, the result is that issue...Read More

DIY Perseverance rover replica looks and moves like NASA’s

1 week 5 days ago

Merely looking at the latest Mars rover, Perseverance, will make almost any nerd giddy with excitement over the amount of cool tech that’s crammed into the vehicle before it gets shot into space. This feeling is what probably inspired Dejan of How to Mechatronics to create his own scaled-down version of the interplanetary vehicle, but […]

The post DIY Perseverance rover replica looks and moves like NASA’s appeared first on Arduino Blog.

Arduino Team

Get outside with these Raspberry Pi summer projects

1 week 5 days ago

Summer is fast approaching – and that’s the perfect excuse to get building. Whether you want to spy on your local wildlife, upgrade your vegetable patch, or feed your fish when you’re off on a weekend break, Raspberry Pi and a handful of add-ons make a great starting point. The latest issue of The MagPi…

The post Get outside with these Raspberry Pi summer projects appeared first on Raspberry Pi.

Ashley Whittaker

Matt Glaman: What is the deployment identifier in Drupal?

1 week 6 days ago

Did you know that Drupal has a deployment identifier? This deployment identifier triggers different actions in Drupal and can be used to streamline your Drupal deployments. In this video, I will walk through how the deployment identifier is used and how you set it.

James Bruton’s robot uses three ball-shaped wheels to move in any direction

2 weeks ago

Wheeled robots normally have wheels that move in a single axis and steer by using either differential speeds or by pivoting some kind of guide wheel. However, this leads to some drawbacks, the most obvious being an inability to move in really tight spaces. When presented with this challenge, YouTuber James Bruton came up with a great […]

The post James Bruton’s robot uses three ball-shaped wheels to move in any direction appeared first on Arduino Blog.

Arduino Team

Weaving just got a lot better thanks to this Arduino-controlled Jacquard loom

2 weeks 1 day ago

Jacquard looms revolutionized the weaving process by independently controlling each heddle’s position. That made it possible to weave complex patterns. But modern Jacquard looms are very expensive, because they require a solenoid or other means of actuation for each and every heddle. Lea Albaugh and her team at Carnegie Mellon University found an affordable way […]

The post Weaving just got a lot better thanks to this Arduino-controlled Jacquard loom appeared first on Arduino Blog.

Arduino Team

Extending a mobile AC unit’s exhaust duct with an air extractor

2 weeks 1 day ago

Portable air conditioners are amazing, especially as we head into the hot summer months. But one big downside is having to place them close to a window that will fit the guard, otherwise it’s really tough getting the hot exhaust air out of the room. This is exactly the problem Hackaday user vincentmakes ran into when he […]

The post Extending a mobile AC unit’s exhaust duct with an air extractor appeared first on Arduino Blog.

Arduino Team