So long as your web server is configured correctly, Question2Answer will not reveal anything inappropriate to visitors of the site, or compromise your data. It prevents SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and form spoofing attacks by checking and/or escaping all user input as appropriate. In order to be extra secure, you may wish to take the following additional steps after installation:
Remove the qa-install.php file inside the qa-include directory of your Question2Answer installation. If for some reason your MySQL database is lost or corrupted, this prevents normal users from being able to create a new database or repair tables.
Move the qa-config.php file to a location which is outside any directory served by your web server. Then create a new qa-config.php file in its place which references the old file using the require PHP function. If your web server were to become misconfigured and start serving the raw code in .php files, this would ensure that your MySQL details remain hidden.
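One way to check that both file-level steps above are in place, as an added example that is not part of the Question2Answer documentation or code. The function name q2a_audit is hypothetical; it assumes the MySQL settings are the QA_MYSQL_* constants and that the replacement qa-config.php uses require or require_once on its own line with a literal absolute path.

```shell
#!/bin/sh
# Added example (not Question2Answer code): audit the two file-level steps above.
# q2a_audit DOCROOT Q2A_DIR prints one line per finding and returns the number
# of findings (0 = both steps done, 99 = a directory argument does not exist).
# Assumption: MySQL settings are the QA_MYSQL_* constants, and the stub uses
# require/require_once on its own line with a literal absolute path.
q2a_audit() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 99
    q2a=$(cd "$2" 2>/dev/null && pwd -P) || return 99
    findings=0

    # Step 1: the installer script should be gone.
    if [ -e "$q2a/qa-include/qa-install.php" ]; then
        echo "FAIL: qa-include/qa-install.php is still present"
        findings=$((findings + 1))
    fi

    cfg="$q2a/qa-config.php"
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        return $((findings + 1))
    fi

    # Step 2: the served qa-config.php must hold no MySQL details itself ...
    if grep -q 'QA_MYSQL_' "$cfg"; then
        echo "FAIL: served qa-config.php still contains MySQL settings"
        findings=$((findings + 1))
    else
        # ... and the file it requires must live outside the web root.
        target=$(sed -n "s/^[[:space:]]*require\(_once\)\{0,1\}[[:space:](]*['\"]\(\/[^'\"]*\)['\"].*/\2/p" "$cfg" | head -n 1)
        dir=$(cd "$(dirname "${target:-/nonexistent/x}")" 2>/dev/null && pwd -P) || dir=""
        if [ -z "$target" ] || [ -z "$dir" ]; then
            echo "FAIL: no resolvable absolute require path in qa-config.php"
            findings=$((findings + 1))
        else
            case "$dir/" in
                "$docroot"/*)
                    echo "FAIL: required file $target is inside the web root"
                    findings=$((findings + 1)) ;;
            esac
        fi
    fi
    return "$findings"
}

if [ "$#" -eq 2 ]; then q2a_audit "$1" "$2"; fi
```

Run it with the web server's document root and the Question2Answer directory as arguments; an exit status of 0 means neither check produced a finding.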
qa_words. These contain information which is temporary or which can be recalculated from other tables in the database. After restoring from a backup, Q2A will automatically offer to recreate these tables, after which you should click each of the 'Recalculate'-style buttons at the bottom of the 'Stats' page of the 'Admin' panel.