#1
|
|||
|
|||
Please verify current password when changing DB password
Since, as I understand it, UR is cryptographically secure.
So, when a password has been set, it is vitally important that a malicious user can't easily change a DB password by sitting down at the keyboard (either physically, or remotely with screen control software, trojan horses, etc). Backups can't always save you if you aren't using secure versioning of your Info Database... the backup copy can get overwritten with the newly encrypted file that you don't know the password to. Standard security practice dictates that you always do a password check for things like this... should be a no- brainer to implement, I imagine. Thanks for listening. -teratorn |
|
|