• Resolved newguyhere

    (@newguyhere)


    If I delete my old WordPress blog and put a new WordPress installation on, can anyone in the world go to the blog and do the installation?
    The reason I ask is because when I upload the file through ftp, I can go to the site through my browser and go through the installation process. It does not ask for a username and/or password or anything for that matter. So, I wondered how it knows that it is the actual admin that is going through the process.
    Therefore, it seems that I can upload it, and leave it there. Furthermore, anyone in the world can access the site and complete the installation.
    Does that sound correct, or is there some security there?

Viewing 7 replies - 1 through 7 (of 7 total)
  • krembo99

    (@krembo99)

    Have you dropped your database as well?
    Did you close your browser window? Or did you stay logged in?
    There is no security problem in the install process of WordPress, not that I know of. AND NO ONE else can log in for you, or finish the installation for you … (IMHO)
    The problems occur (usually) when a user, for lack of knowledge, is doing some operation that is not entering the correct workflow.
    But that is why this support forum exists.
    So, the first question: did you drop the database as well?
    Did you change the config file? New prefix? New security key?

    Thread Starter newguyhere

    (@newguyhere)

    All the old files got deleted. I copied the config file from the old to the new WordPress installation. Changed the secret key to
    define('AUTH_KEY', '');
    define('SECURE_AUTH_KEY', '');
    define('LOGGED_IN_KEY', '');
    As suggested by the website for random key generation.

    (Never actually post your secret keys anywhere… – mod)

    Database and table is still the same.
    Using the same browser window to do the installation and the uploading of the WordPress installation files.
    So, from what I am guessing, there is a cookie stored on my computer that will verify that it is actually me going through the installation process.
    I worry because if I have to upgrade to 2.7 or higher, but I need to clean the directory and upload the files, Google will still have the cached site in its search. Therefore, if someone goes to my site, I worry that the first thing they will see is the installation page.
    When I do the installation, I go to aprivatebeach.com/blog. This is where the blog is installed.

    thisisedie

    (@thisisedie)

    Yes, if you upload the files and don’t install, ANYONE going to whatever.com/wp-admin/install.php could install. But why would you upload and not install? Once you’ve installed if someone went there they’d get a screen that says it’s been installed.
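
A post-upload check for the situation described in the reply above, added here as an example and not part of the original thread: it fetches `wp-admin/install.php` on your own site and reports whether the installer is still open. The marker strings are assumptions based on the stock English installer text, and the sample responses are constructed.

```python
"""Post-upload check: is wp-admin/install.php on my own site still open?"""
import sys
import urllib.error
import urllib.request

# Assumed markers, taken from the stock English installer text; other
# versions or locales may word these pages differently.
INSTALLED_MARKERS = ("already installed",)
OPEN_MARKERS = ('action="install.php?step=', 'id="setup"')


def classify_install_page(status, body):
    """Return 'blocked', 'installed', 'installer_open' or 'unknown'."""
    if status in (401, 403, 404, 503):
        return "blocked"          # restricted, removed, or maintenance page
    text = body.lower()
    if status == 200 and any(m in text for m in INSTALLED_MARKERS):
        return "installed"
    if status == 200 and any(m in text for m in OPEN_MARKERS):
        return "installer_open"   # first visitor can finish the install
    return "unknown"


def fetch_install_page(base_url, timeout=10):
    """Fetch <base_url>/wp-admin/install.php; return (status, body)."""
    url = base_url.rstrip("/") + "/wp-admin/install.php"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real site).
SAMPLE_OPEN = (200, '<form id="setup" method="post" action="install.php?step=2">')
SAMPLE_DONE = (200, "<h1>Already Installed</h1><p>You appear to have "
                    "already installed WordPress.</p>")
SAMPLE_MAINT = (503, "<h1>Upgrading, back soon</h1>")

if __name__ == "__main__":
    if len(sys.argv) == 2:               # e.g. https://example.com/blog
        state = classify_install_page(*fetch_install_page(sys.argv[1]))
    else:
        state = classify_install_page(*SAMPLE_OPEN)
    print(state)
    sys.exit(1 if state == "installer_open" else 0)
```

Run it with your blog's base URL right after uploading; a non-zero exit status means the installer is still reachable and unfinished.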

    Thread Starter newguyhere

    (@newguyhere)

    It is the time difference. After the uploading, it only takes an instant to get to the install.php. Therefore, if a site gets say 10000 hits a day, he/she could be upgrading, but unable to install because someone got there before he/she did.
    This seems to be a security issue to me.

    krembo99

    (@krembo99)

    Database and table is still the same.

    Like I said, if you did not touch the DB and stayed with the same browser window, then actually you never logged out, and by the DB check you are still a valid user, and logged in.
    There is no security issue, no one else can go inside.
    However, like I mentioned before, this is NOT THE CORRECT WAY of doing this process.
    The correct way would be to put up another INDEX file, telling people that you are UPGRADING and will be back in no time.
    There is even a plugin to do that. Search for it.

    Thread Starter newguyhere

    (@newguyhere)

    I thought it may be a security issue. I was wrong.
    Thanks for the help.

    Now, I can actually sleep without getting grey hairs.

    Thread Starter newguyhere

    (@newguyhere)

    Sorry, I thought the secret key website was generator code. I did not realize it was an actual key. I assumed that it was source code that would randomly generate the key in the config file. I changed it again.

  • The topic ‘Install WordPress security question’ is closed to new replies.