I'm currently writing an essay on encryption, and it made me think about my XOOPS site.

In brief, what is the XOOPS security policy? I've read a bit about MD5 encryption been in use. What level of encryption is used (bit level), how is it encrypted (SHA, MD5 etc), and where is it stored (MySQL database I assume).

In other words, how secure is my users data? Is an XOOPS system easy to hack (to a hacker that knows what he's doing)? What security holes are there (if any)?

Users' passwords are encrypted with the PHP function MD5 and stored in the database.

If a XOOPS system was easy to hack, we wouldn't have so many users and the same goes if there were security holes left open.