teratorn
02-13-2009, 01:53 AM
Since, as I understand it, UR is cryptographically secure.
So, when a password has been set, it is vitally
important that a malicious user can't easily change a DB
password by sitting down at the keyboard (either
physically, or remotely with screen control software,
trojan horses, etc).
Backups can't always save you if you aren't using
secure versioning of your Info Database... the backup
copy can get overwritten with the newly encrypted file
that you don't know the password to.
Standard security practice dictates that you always do a
password check for things like this... should be a no-
brainer to implement, I imagine.
Thanks for listening. -teratorn
So, when a password has been set, it is vitally
important that a malicious user can't easily change a DB
password by sitting down at the keyboard (either
physically, or remotely with screen control software,
trojan horses, etc).
Backups can't always save you if you aren't using
secure versioning of your Info Database... the backup
copy can get overwritten with the newly encrypted file
that you don't know the password to.
Standard security practice dictates that you always do a
password check for things like this... should be a no-
brainer to implement, I imagine.
Thanks for listening. -teratorn