Sorry, I should have explained better - I install punBB inside my web directory, and now let's say I have a database file forum.db which is somewhere on the web server. The user running the web server is apache, so I can set the owner of the forum.db file to be apache. I tell punBB to use that database file. That all works fine.
Now let's say another user comes along, and decides to install a forum of his own in his own web space - there is nothing to stop him from using the same database file as me, since he can use any file accessible by apache, right? There is nothing really linking the database file to a specific forum or my user on the computer. Does this make sense? Of course, I could just rely on the user being honest and using a different table prefix, but we all know that trusting users to be honest is not the best security measure :-) So he could write a php file which would essentially delete all tables in my database file, or insert spam, right?
Thanks,