I've been using XOOPS for a few years now, and I never really thought about this before:

Why would you need to specify a table prefix for your XOOPS tables at install time? Is there ever a reason why you would change this? For that matter...what is the purpose of having a prefix at all?

The only reason I can think of is to have two or more sites running from the same database. But I would imagine that would be very bad practice.

why is that bad practice?
Sometimes, you only have one database available.

Also, if a malicious hacker (are there un-malicious hackers? well, nevermind) knows your database prefix, it is much easier for him/her to exploit SQL injection vulnerabilities. If he/she does not know it, he/she has to guess it in order to e.g. use the SQL injection vulnerability to add him/her-self to the webmasters group

Ahh...that makes sense.

Thank you for your complete answer. ;)

Is there any foolproof way to change this on a live site, anything in the way of tools, or do you just need the sql command line, and a very clear head?

Having finally managing to restore my database, after doing something silly I wanted to change my prefixes as a few copies were mailed out during the crises and I now consider it a problem.

Hmm, No answer came the stern reply.

Well we will definitely be implimenting further security, so as a novice I guess I have a lot of reading to do.

This may be a coincidence but the account holder under suspicion (who does know our Db prefix) posts jumped from a genuine 10 to a spurious 56 today. This only showed in the top posters block, not against their profile.

This has not happened with any other of the 100+ members.

The problem was fixed by edit user synchronise.

Just because you are paranoid it does not mean they aint out to get you I always say.

Later on my crew pointed out that my own posts had gone down by about the same amount (which I was to busy to notice). This time the reduced posts showed on my profile as well as in the top posters block.

Now I am really paranoid, can this really be coincidence?

Also I dislike the fact that my cuurent ISP runs with globals on and url open enabled. Thats going to have to go even if it means moving hosts.

Interesting but nothing proved.

Well apparently Rachel the prefix manager was not added to protector until version 2.30RC and not fixed until version 2.30RC2.

The latest version is 2.37

So I guess you should update.

Wow thanks Hun!

S OK dont mention it.