Huub van Burken
I think this is all the weak points I could find. Oh yes, one more: I found it hard to move the admin file to a protected directory. This is because files are interlinked at more than one place.
I just renamed my admin.php file so it was a little more difficult to hack. Seems to work.
Just put a copy of all the engine into your secure (htaccess) directory... then change the paths to point to your files. If you're using the database it's even easier, nothing to change!
Just make your own admin.php with login and MD5 encryption through a userid and password in the table.
Like on www.lookhere.nl under foto album
Try to use the admin.php over there; it will not work because you have to log in first to get access to it.
If you guys like it I would love to share this.
I use "basic authentication" for my admin.php as I am the only user and I don't think anyone will take the trouble to sniff the password. Is there any need for anything more secure in my circumstances?
I read up on http://frontier.userland.com/stories/storyReader$2159 (although I use apache) and it seems to be good enough for me, but please enlighten....
I wrote a simple password protection program for the admin.php file.
If you're interested, read this thread.