Many long nights spent on my site, and now I've started doing all sorts of security checks and stumbled upon the following:
www.mysite.com/node
That shows the latest x nodes that a user has access to. I DON't want this view visible to users. And I certainly don't want any other views similar to this available. So, my questions are:
You want to use hook_menu_alter() in a custom module to reroute what happens when someone tries to load the page at /node. There are two approaches.
First, you could give an unequivocal access denied:
function custom_module_menu_alter(&$items) {
$items['node']['access callback'] = FALSE;
}
Second, you could reroute the page to one of your choice:
function custom_module_menu_alter(&$items) {
$items['node']['page callback'] = 'custom_module_new_page_content';
}
function custom_module_new_page_content() {
return 'Go away!';
}
If you are worried about listings where users have access, the search results and tracker are the only other places that I can recall.
This comment provides the logic to unset whatever you want from the search results using a custom module.
Unfortunately the Tracker is not particularly customizable without direct hacks. Your best bet is to use one of the tracker replacements in contrib, or easier yet, modify the Tracker replacement that is packaged with the Views module.
EDIT: Clarification- you could also disable the Tracker module form the optional "core" modules. However, it is a very useful functionality so you might want to keep it around in some form.