security

I was thinking recently about the number of ways in which I could restrict access to a page using PHP.

The obvious option is to create a user authentication system, but in some situations that is overkill for what is required. If you just want to prevent users from going directly to a certain page then there are a few options open to you.

In this article we will look at how to protect a page from being directly accessed without using a user authentication system. I will address any pros and cons of each method so if you are looking for a way to protect a page then one of these might be useful to you.

One of Drupal's strengths is its ability to create communities of users who contribute towards the content of the site. Whether you have an open forum, where users can create their own accounts, or a closed magazine with just a few editors your need to take the security of your users seriously.

Out of the box, Drupal has a number of account protection features that assist in making sure that users are authenticated correctly.

For example, the user login page is protected by a brute force system and will lock accounts after a number of incorrect password attempts in a short amount of time.

Many modern browsers now come with auto-complete functionality so that users can fill in their details quickly without having to type in their username and password every time they want to log on. This can be turned off by adding the attribute "autocomplete" to the form and password elements and setting its value to 'off'.

Setting the autocomplete attribute to off on password fields (and forms containing password fields) can add an added level of security to your Drupal site. This is especially important as if the computer is stolen it is more likely to contain saved passwords that will allow access to sensitive systems. So turning this feature off might be beneficial for certain systems, especially those with very sensitive information.