@Damaster,

There's a certain irrefutable logic about what you say.

Quote:

I think that what irmtfan means is that proper documentation would enable users to understand the effect that changing Protectors settings might have. At least, that's how I read it.

GIJoe is a securtity guru and an excellent coder and developer. Were there to be a problem with Protector then he would sort it. v3.04 (and 3.04a) have been around for quite a few months now so it's reasonable to assume that there's nothing fundamentally wrong. GIJoe would have fixed things if there were as he's that sort of chap.

Rather than fixing code, v3.15beta is adding new features meaning that he's confident in v3.04. That's good enough for me.

I agree with what Damaster, irmtfan and Catz are saying - the Protector module wouldn't be quite so critical if the core/modules' code were more secure.

"Big Up" for GIJoe

Quote:

I don't disagree.

Allow me to make an analogy.

You have some jewellery valued at $100,000 locked up in a yale safe, bolted down within a room in your house, if someone knows how to hack that safe, they will get in however if they didn't know you had that jewellery or where that safe is, then it certainly make their job harder.

Hence removing references that your site is XOOPS and what version it is can help to evade being hacked, as your not advertising you jewels in public.

Quote:

+1

i dont disagree too.
any additional security is worth to be added.
but i like to deal with security and simplicity of a CMS.
also it is not wise to put your jeweleries in a free basket.