Tags:

CMS: Drupal

not scheduled

Description:

Most Drupal-based sites use password-based authentication. This session will discuss and design proposals for improving the current practices. Current ideas include:

  • Abandoning long-life PHP session cookies
  • Best practices for persistent login (a.k.a. "Remember Me") cookies
  • Not distributing initial account passwords via email
  • Supporting required instead of optional password changes
  • How SSL support should be integrated and configured
  • Preventing hijacking of mixed plaintext/SSL sessions

Led by: