View Single Post
  #1  
Old 02-13-2009, 12:53 AM
teratorn teratorn is online now
Registered User
 
Join Date: 11-20-2006
Posts: 33
Please verify current password when changing DB password

Since, as I understand it, UR is cryptographically secure.
So, when a password has been set, it is vitally
important that a malicious user can't easily change a DB
password by sitting down at the keyboard (either
physically, or remotely with screen control software,
trojan horses, etc).

Backups can't always save you if you aren't using
secure versioning of your Info Database... the backup
copy can get overwritten with the newly encrypted file
that you don't know the password to.

Standard security practice dictates that you always do a
password check for things like this... should be a no-
brainer to implement, I imagine.

Thanks for listening. -teratorn
Reply With Quote