After all the detailed excusion to the security risks lurking around your pristine installation of PHP-Nuke that was undertaken in the previous sections, you may
be asking yourself if there is anything you can do to avoid them. Indeed, following the advice in this section, will render your PHP-Nuke system as secure as can
But there is also one point you should understand while talking about software (and especially Web software) security: there is no absolute security! You can make life very difficult for the
hypothetical "malicious user", but then, given enough (time, money and criminal energy) resources, every system connected to the Web can become vulnerable. Thus, if your carreer depends on this, hire
a security professional to check the code for you.
However, even if you are on your own, you can still do a lot to guard against security vulnerabilities. You can:
Stay current on developments and apply security fixes (see Section 23.4.1).
Many of the most important security risks arise from the fact that HTML is allowed in the News and Forums, or that users are allowed to upload avatars or mail attachments to the web server. You
can thus diminish the attack potential against your site, if you disable HTML and uploads. But of course, this will not protect you from everything, so read on!