First I want to say how much I love this little board. But (there's always a but) I was wondering, the user passwords are crypted but why is the admin pass left in clear text in the options file instead of crypted and placed in the DB? Leaving the admin pass in clear text can't be good.

Maybe I'm missing something. I've changed my pass in preferences (at least I go through the motions) but the auth for admin doesn't use the new pass, it still looks at the pass in the options file.

Tell me if I'm missing something that's right in front of my face. If not, is there plans to rectify this in later releases? So far this is the only negative I can see with this BB.

Peace...

webseeker
it still looks at the pass in the options file
Yes, that's true. Manual describes it.

As for admin password, you are right, the only place where it is opened is options file. So, is it secure? We apologise, yes. In options file, there are also more important password saved, for example, password and login to sql database. This is php file, so if you simply run it in browser, it will display NOTHING. And, we think, it is more secure that keeping encrypted passwords in database. Because NOBODY except owner of forums can change it and view it, and you can do it ONLY via FTP, not directly from browser. So, it is secure, don't worry :)

Beginning from the version 2.0, it's also possible to store admin's password directly encoded as MD5 hash.