I just installed phpFormGenerator 2.05 and realized that it leaves the mySQL database password in one of the files (maybe more) without any encoding. Can that cause a problem? Can someone download that one file (forms/process.php) and get the password? Is is possible to encode the password?
Also, its admin panel is not secured in any way and goes straight into one of the tables in the db without the need for a password. Other than password protect the directory that the admin panel is in, is there anything I can do to add a little bit of security?
