Well as long as your xoops_trust_path is outside of the pubic_html directory the application that runs in this are general safe. GIJOE is a good programmer and prevents XOOPS STI hackers from infecting your network..

But what protects the protector, I am thinking about making a system of policy management for protector to use and other programmer where you can set access ranges, things to scan for in stuff like the $_REQUEST and so on.

This is not for the faint hearted, it will not be a 'protector' as such as I wouldn't depreciate this fantastic XOOPS Condom which really does and excellent job at keeping your website safe from sickly people..

Actually in Australia, there is a term used and a defined mental illness relating to h4x0r which is treated as forensic illness much like someone that would murder, but the term hacking itself is often misinterpreted - to hack is to build a big machine traditionally, it has nothing to do with breaking system security.. So unfortunately pulling a passhash isn't hacking... it is just ill where your brain is infected with some form of paralysis's of needing to be egocentrical with an experience to cause damage.

Anyway GIJOE, I would love to hear from you about this policy management system, I have been planning... It will make a couple of system in protector redundant, but also be like the bubble wrap on a condom for protector itself so when you lock someone out it is at the kernel..