Now that I managed to get SSL set up using a wildcard certificate (*.kkaefer.com) signed by CACert, securing the login to a Drupal site is amazingly easy:

# Force the user to use https.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule /(user|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R]

# Enfore SSL for user login and administration.
<LocationMatch "/(user|admin)">
    SSLRequireSSL
</LocationMatch>

That’s pretty much all you need. It works transparently for the user: When the user tries to access a URL beginning with admin or user, a redirect to the exact same request, but with http replaced by https is performed. Additionally, SSL is set to be required for those locations (I added that to prevent logins without SSL in case mod_rewrite fails, becomes unavailable etc.). You can easily add new paths that require SSL by just adding them to both regular expressions.

Sometimes users can login using a URL that doesn’t begin with user. Therefore you should also install securelogin.module which rewrites the actions of forms to use https.

After several years, Drupal is back on LinuxTag with an entire booth of its own. Thanks to Marco Rademacher who took the initiative to register the Drupal project with the approval of the Drupal Association. The booth is run by the DUG Berlin and situated in hall 7.2a.

Can’t log in in your Drupal 7.x-dev installation? Run update.php to update the password hashes. There is a new password hashing algorithm in core that provides better protection from rainbow tables.

You probably know it by now: Dries Buytaert started yet another company: Its product is “Mollom”, a comment spam filtering webservice, similar to Akismet. Congratulations, Dries! I’ve been one of the very first beta testers (User ID #5 on mollom.com) and have been using the module since a bit more than 9 months now. At first, I still had some issues with comment spam getting through Mollom’s filter, but that eventually stopped during the last couple of months.

I haven’t used Akismet in a while now (I did use it before switching to Mollom), so I can’t really tell whether it’s more accurate. While there are some minor nitpicks, I’m rather satisified with Mollom.

Mollom wants to distinguish itself from Akismet by not only blocking spam: The goal is to “improve overall content quality”. While I get virtually no automated comment spam anymore, I now get actual humans who post spam comments. These comments are usually somewhat related to the blog post. That means I’m not getting generic “This content is great!” comments, but for instance, “This bundle is very useful. Thanks!” on my blog post about the TextMate Drupal bundle. Sounds like a valid comment, however, the supplied comment author homepage contains clearly a spam URL.

Unfortunately, Leopard’s PHP installation does not ship with a GD module. If you use this PHP version, Drupal will report that it can’t find a GD library (and no image processing will be performed either). There is a tutorial on the web that explains step by step how to compile GD2 for the stock PHP 5.2.4 that comes with Leopard; however, PHP segfaults after the installation (at least for me).

Fortunately, there is an alternative: Entropy.ch’s PHP 5.2.5 beta package comes with all kinds of modules prepackaged. The folks over at Moodle created a very good step by step instruction for setting that bug.

The drawback: On my (32bit) machine, PHP would refuse to log in (connecting worked fine!) to my (unaltered) database server. At the same time, I was able to connect to it using the mysql CLI binary with the exact same credentials. It turns out that the MySQL Client API in Entropy’s PHP package is somewhat broken on 32bit Intel and PPC (but works fine on 64bit Intel!). After some debugging (checking socks, reviewing debug logs, …) I stumbled upon a forum post which provides a quick fix for this issue: Just copy over the stock Leopard MySQL Client libs to the new PHP installation and you’re done.

I just discovered a rather new band called “The Lady Sails” on last.fm. It looks like they don’t have a recording contract with a label, but the music nonetheless sounds professionally recorded, yet, without loosing the tad of imperfection that so much music is lacking today.

The band released the album free of charge (in 256 kbit/s). They also use non-standard instruments like Glockenspiel and have a rather diverse sound. I hope to hear more from this band.