wwforum.mdb

I have a question about the security issue involving the wwforum.mdb database. is this still a potential threat to my forum? i read somewhere on the net that hackers use this file to get people's passwords. i opened it in microsoft access and it looks like the passwords are encrypted. are they encrypted and how? should i still move this file or change the name? i'm the administrator and i can't even read my member's passwords. how could a hacker figure it out? it doesn't look like much of a threat to me, but i could be wrong.

It is still best to move the forum and place it in a private folder if possible. All the passwords are encrypted, however, if the hacker gets hold of the ASP files and the database he will have a better chance of hacking your forum.

Another factor is that if your database can be downloaded it invites people to do so and may use up your bandwidth if you have a large database.

There are a few other reasons well, but considering how easy it is to move or rename the database, I think the above reasons make it worth it!

Yes this is a serious threat, and it is a very good idea to rename and move your database, heres what happened to a site that didn't.
http://www.netherworldusa.com/forum/forum/default.asp
They were hacked immediately because a quick search on google of:
allinurl: wwFoum.mdb
Its the only site that comes up, and I was looking for one to see how easy it is to hack it, to prevent this from happening to my own forum.

if your on a fronpage web can you move the database to the ../_private folder and have it secure? that folder does require the person to know the frontpage username and password to gain access to files in there.

In theory this should work should it not?