I have mainly two security concerns in Drupal 7.
When a user enters
http://sitename/node
then the user will be able to view all the nodes created in the site till date. In the site there are some content types which are viewable to all users on the site and some which are restricted to created users and shared users. How to stop users from viewing those nodes which they have not created? It will also be OK for me if, when a user enters http:///node, "Page Not Found" is displayed.

Similarly, I have installed the "URL Path Alias" module, which substitutes the URL with the title alias. Now when a user enters
http://sitename/node/260
where 260 is a random number. This can be redirected to a valid page and the user gets to know the [nid] of the content. Hackers can use SQL injection or another technique to delete the content from the generic [node] table. How to restrict such hacking in the site?
Please let me know your views.