hi bluwu.
I don't want to talk about Agenda-X.
It is fact that we reported the security holes into dev.xoops.org on this March.
He didnot patch any more.
I don't criticize some developpers makes security hole.
But, once it is reported by someone, they must check and repair it with sincerity.
When sourceforge was cracked by Agenda-X's hole, I made a patch for the serious vulnerablity.
But he ignored the patch, and he blamed me "This is a plot".
His attitude was a thing not too believed easily for me.
Although I don't blame wjue's lack of skill, I don't like his insincerity.
p.s. The SQL injection will be a serious hole too if you use MySQL >= 4.0 as you know.
You are easily stolen your hashed password from crackers via Agenda-X.
And now, plain password can be calicurated from hashed password in one hour.
So, I have a plan to make a module for protecting from attacks of "SQL Injection".
This module will be useful especially for Agenda-X's users.