Hylton Conacher(ZR1HPC) wrote:
> User C now tries to see the confidential documents by using the username
> and what he thinks User A's password is, i.e. he wants to log in as though he
> was User A.

If I was user C, I wouldn't try to log in. I'd just steal the backup. Or the hard disk of the server.

If the data really is important:

(1) encrypt all the data, including the backups
(2) physically secure the hardware - lock it all in a strong windowless interior room (lock the backups in a vault somewhere else)
(3) only permit login attempts by authenticated people, preferably authenticated by another person (e.g. only permit login attempts from a terminal within the locked room, accompanied by a security guard)

For anything more complex, *don't* read the books - hire a security consultant who knows the pitfalls.

Cheers,
Dave
