[eluser]Yorkshire Pudding[/eluser]
I'm going to use the first solution given(so i can get the site up), until I have time to understand and implement the second solution.
the crypt that protx sends back is
DycAHF1HGiA1WRU9VFFGAG1kOChhYTYREgsKbi8mNAEbBipVAnd9HVsORhssSUMAbwNDO3N2eWxFdzRqXiJASH8RGhlGQD1lOX1XCx0FBUAqBgsMU1wiZUYGQWhJXlFhMSdOOUdBJjcEXwI5HQ0eW3k1DwsSZjs7FVMCKw8RHRt/FhY5R0EmFhkLRWlQUkcGYWQvLmF2GGpLcjAMKEQ/eg1iLTB3dgUdMhAwPA0WFEYqEAsLR1k6ZTh5JQg7Kyd8HQcqXmJaPSw1WRU9OwECQDU2UzZ9YR4KOWA4HCwgV3YPcDwdQUAiLEt4Pgw5Nj5jEAYrPBRyJz4Cdxg8VFRXBh0RCxtHRysLAlcFLRpZP3oNASY9cX4LHFB3HDccCgUIaHFASAI=
which poses a few problems. Firstly it has '/' in it so it looks like additional url segment, and secondly it has '=' in it which is a disallowed character in config file.
Two questions really then.
1. Is it secure to allow '=' in the permitted_uri_chars.
2. Any ideas on how to overcome the '/' problem (urlencode() perhaps?)