quote]WARNING: The location of your access database may not be secure.
You should consider moving the database from \\******\***\************\*****\*****************.*** to a directory not directly accessable via a URL and/or renaming the database to another name.
(After moving or renaming your database, remember to change the strConnString setting in config.asp.)[/quote]
Not a whole lot anymore since the passwords are encrypted, but you should still rename the database to something not easily guessable AND make sure there is an asp or HTML which will disable the directory browsing.
- If it was at v3.3.xx, all passwords have been compromised. (v3.4 prevents this with SHA256 encryption) - All email addresses of all members are now known (good tool to spam your membership) - If you have Private Messages installed, all these are no longer private. - Private forums (and posts within) can be read by the person with the database - Probably a few other evil things but that's what immediately comes to mind.
Topic Locked
Posted - 30 October 2002 : 14:17:44
