I am using another gallery software so far. Since I have experienced several hacking attemps I had to disable the upload feature making the whole thing fairly useless. Now I wonder if PhotoPost is more secure. The problem always has been that people uploaded pictures or avatars that were no pictures but some malicious code that then has been executed when the "image" was displayed. Is there a routine that checks if an uploaded file thats named *.jpg is really a jpeg-image? And can you restrict uploads to certain extensions only?