Here is a reference from Drupal site that explains on the security aspects. i should read this once i have able to write my own custom module.
For security reason, according to Drupal doc website, it is advisable to permanently disable user/1 which refers to the super user of Drupal user once you've installed it on your site. The user/1 is not necessarily needed to administer the website. Few methods can be done to disallow user/1 such as via MySQL like the followings:
p/s: but i really don't get it here, if you disable user/1, how can you add/update/delete or manage the website without using user/1 role?
Here are some miscellaneous issues which is worthy to read for security and performance reasons.
..
No comments:
Post a Comment