Gossamer Forum

Huge security risk in DBman!!

Read this!

The file which holds the passwords has the same name as the .db file. (by default)

By default the pass file is also stored in the same directory as all the other files..

Password snatching is real easy if you figure the .db name out..

Look at:
http://www.gossamer-threads.com/scripts/dbman/default.pass

If you download the password an intruder can try to break the pass using a simple unix-password-cracker..

Suggested solution:

1) place the .pass file in a directory with alternate name which is hard to guess

2) even better: place the .pass file(s) outside the www directory (location not accessible through browsers)

Remember: Don't abuse this information! Don't become a victim by making victims!

Regards;
Michiel de Weerd

Hope this helps (a lot!) ;-)
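
An audit for the layout described in the post above, as an added example that is not part of the original post or of DBMan: it walks a web root, lists every `.pass` file a browser could request, and flags those sitting next to a `.db` file of the same name. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

def is_under(path, root):
    """True if path, after resolving symlinks, lies inside root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit_pass_files(web_root, suffix=".pass"):
    """Walk web_root and report every password file a browser could request.

    Each finding is (relative_path, has_matching_db); has_matching_db is True
    when a .db file with the same base name sits in the same directory, the
    default layout the post describes (name guessable from the .db name).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        names = set(files)
        for name in sorted(files):
            if not name.endswith(suffix):
                continue
            stem = name[: -len(suffix)]
            rel = os.path.relpath(os.path.join(dirpath, name), web_root)
            findings.append((rel, stem + ".db" in names))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample layout: a web root plus a private directory."""
    web = os.path.join(base, "www")
    private = os.path.join(base, "private")
    os.makedirs(os.path.join(web, "scripts", "dbman"))
    os.makedirs(private)
    for rel in ("scripts/dbman/default.db", "scripts/dbman/default.pass"):
        open(os.path.join(web, rel), "w").close()
    safe = os.path.join(private, "default.pass")
    open(safe, "w").close()
    return web, safe

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        web, safe = build_sample_tree(base)
        for rel, guessable in audit_pass_files(web):
            print(f"EXPOSED {rel} (name matches a .db file: {guessable})")
        print("private copy under web root?", is_under(safe, web))
```

`is_under` resolves symlinks first, so a password path that only appears to be outside the www directory is still reported as inside it.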
Subject | Author | Views | Date
Thread: Huge security risk in DBman!! | mdeweerd | 2402 | Jan 27, 1999, 2:21 AM
Post: Re: Huge security risk in DBman!! | Alex | 2329 | Jan 27, 1999, 6:01 AM