At each opportunity it has, the Drupal Security team tries to help share information about its processes and http://drupal.org/writing-secure-


There are many times when you may want your code to "impersonate" another user. An example of this is when a user takes an action that triggers another process.


It seems to be a popular approach in other web applications to process/filter the user input in the name of security.


db_rewrite_sql() provides a method for modules to extend your SQL queries. This kind of functionality is especially important to modules which control access to nodes.

Session IDs

Session support in PHP allows one to preserve data across subsequent accesses. A visitor accessing your website is assigned a unique ID, the so-called session ID.


Subscribe to RSS - Drupal手册