Quote:
I'm convinced of the added value of the protector module, but I would like to remark a minor security risk in the config.
What you said is right.
Although Protector's password itself is not so important, some administrators can set it the same as their important password.
It sounds like an issue of usage.
I've just added a notice like this.
"Don't set this password same as your important password"
Anyway, it is better if any password is encrypted.
It will be added into Protector >= 2.4.
Quote:
I have also noticed some problems when I use relative URLs in real HTML code enabled comments of the polls modules; I hope to find out why tomorrow.
What is the problem?
HTML comment is disabled automatically by Protector.
It is a protection against XSS.