The unprofessionalism of a public "lynching" by the original poster (and a few others) astounds me to no end.
I've been a customer of PowerDNN since their inception and have not had one single issue with the way they handle their end of the business. I am actually quite proud to have them "watching my back" instead of being an absentee landlord as a hoster.
They have been nothing but professional, courteous, helpful and completely knowledgable on the subject of hosting, DNN, and best practices. If they felt that there was a serious security flaw in DNN that could potentialy affect 1000's of installed client bases on THEIR SERVERS (which BTW is their property, not yours) then they had every right to alleviate that threat IMMEDIATELY until the core team could be notified and a proper fix released, if needed.
The only issue I take with PowerDNN themselves is that they released the information to the public through their site and through a press release prior to talking with the core team or Shawn personally. This lack of judgement, for lack of a better description, could have potentially affected many DNN users sites because of the very public nature of the information released.
I would only ask that EVERYONE out there follow the proper guidelines in reporting security issues to the core team and not publicly first. The interest of the entire DNN community is at risk when doing so.
It's quite unfortunate that a lack of judgement and professionalism was displayed in what is otherwise a very strong and courteous membership.
Edward DeGagne | Applications Engineering Manager
ektron, inc.
542 Amherst Street, Route 101A | Nashua, NH 03063