Question:
Is there a reference for:
* Best practices on implementing preferences for a module?
* Best practices on implementing module security?
Should I use a database table for implementing my module’s preferences, should I store them in a cookie, or in the INI file? Is there an EE approved, recommended or standard way of doing this?
What is the EE way I should implement my module so that it complements the existing members and member groups and looks like it belongs in the Control Panel?
Answer:
Really depends on what you are doing.
For the Moblog module you can have many different configurations, and in that case it is best to use a database table to store them. With the Simple Digest module, where there are really only a few preferences, you could store them in the config.php file, which is a bit faster than storing them in the database. I would rarely suggest storing preferences in a cookie unless they were supposed to be temporary settings, and usually only when it was on the user side.
Module security depends on what you are securing against. The Control Panel itself is really quite secure and you can specify what member groups can access the Modules section and specific modules. For queries, you should always use $DB->escape_str() on any type of user-submitted data or use the insert_string() or update_string() functions, which do this automatically. Anything else, and I think it is up to you. If you want to have assigned abilities within your module depending on member group, then you will have to create the code for that yourself, as EE does not provide that kind of granular control in modules.
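
The query advice in the answer above, as an added example that is not part of the original answer and is not ExpressionEngine's own code. It compares a preference update built by raw concatenation with the same update built through update_string(), insert_string() and escape_str(). The Demo_DB class is a simplified stand-in so the script runs offline, and the exp_example_prefs table, its columns and the sample values are assumptions made up for illustration.

```php
<?php
// Stand-in for EE's global $DB so this runs offline under the PHP CLI.
// Inside a module, use the real object via `global $DB;` instead.
class Demo_DB {
    function escape_str($str) {
        return addslashes($str);   // simplified escaping, for the demo only
    }
    function insert_string($table, $data) {
        $vals = array();
        foreach ($data as $val) {
            $vals[] = "'" . $this->escape_str($val) . "'";
        }
        return 'INSERT INTO ' . $table . ' (' . implode(', ', array_keys($data))
             . ') VALUES (' . implode(', ', $vals) . ')';
    }
    function update_string($table, $data, $where) {
        $set = array();
        foreach ($data as $key => $val) {
            $set[] = $key . " = '" . $this->escape_str($val) . "'";
        }
        return 'UPDATE ' . $table . ' SET ' . implode(', ', $set) . ' WHERE ' . $where;
    }
}

$DB = new Demo_DB();

// Constructed sample input, as it might arrive from a preferences form.
$pref_name  = "digest_title";
$pref_value = "Bob's weekly digest";   // the apostrophe is the problem character

// Unsafe: raw concatenation lets the apostrophe end the SQL string literal early.
$unsafe = "UPDATE exp_example_prefs SET pref_value = '" . $pref_value
        . "' WHERE pref_name = '" . $pref_name . "'";

// Safe: update_string() escapes the values; the hand-built WHERE is escaped explicitly.
$safe_update = $DB->update_string(
    'exp_example_prefs',
    array('pref_value' => $pref_value),
    "pref_name = '" . $DB->escape_str($pref_name) . "'"
);

// Safe: insert_string() escapes every value in the array.
$safe_insert = $DB->insert_string(
    'exp_example_prefs',
    array('pref_name' => $pref_name, 'pref_value' => $pref_value)
);

echo $unsafe, "\n", $safe_update, "\n", $safe_insert, "\n";
```

Note that update_string() escapes only the values in the data array, so a WHERE clause passed as a string still has to go through escape_str() by hand.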
