On 12/09/11 23:15, David Jordan wrote:
> Hi John
> I have not played around with the encryption, but to my knowledge this is not
> the way it works. The password is related to the data encrypted, not to the
> user, so every user would require the same key for the data. To change the
> key you need to unencrypt and reencrypt the data.
>
And what would happen if the user changed their password?

Plus, where would he get the password from? The password should NEVER EVER be stored ANYWHERE. Any half-way decent security system mangles the password on input, and stores the mangled version. A one-way mangle. If a system is capable of telling you what your password is, it is not secure (and it's dangerous. People re-use passwords. If a hacker gets hold of that password database how many other systems have just been compromised?)

> The other option is encryption at rest where the whole database is encrypted.
> This has been greatly enhanced in Rel11 of UniVerse.
>
Cheers,
Wol
_______________________________________________
U2-Users mailing list
[email protected]
http://listserver.u2ug.org/mailman/listinfo/u2-users
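
Added example, not part of the original message: a Python sketch of the "one-way mangle" described above, storing a salted PBKDF2 digest instead of the password and showing that a password change only replaces one stored record. The function names, the in-memory `store` dict, the iteration count and the sample users and passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; tune for your hardware


def mangle(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way transform: PBKDF2-HMAC-SHA256 over the password and a salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(store: dict, user: str, password: str) -> None:
    """Store only salt, work factor and digest; the password itself is never kept."""
    salt = os.urandom(16)  # fresh random salt per user and per password change
    store[user] = {"salt": salt, "iterations": ITERATIONS,
                   "digest": mangle(password, salt)}


def verify(store: dict, user: str, attempt: str) -> bool:
    """Re-mangle the attempt with the stored salt and compare in constant time."""
    rec = store.get(user)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal who exists.
        mangle(attempt, b"\x00" * 16)
        return False
    candidate = mangle(attempt, rec["salt"], rec["iterations"])
    return hmac.compare_digest(candidate, rec["digest"])


def change_password(store: dict, user: str, old: str, new: str) -> bool:
    """A password change only replaces that user's stored record."""
    if not verify(store, user, old):
        return False
    enroll(store, user, new)
    return True


if __name__ == "__main__":
    db = {}  # constructed sample store
    enroll(db, "john", "correct horse")
    enroll(db, "david", "correct horse")  # same password, different salt
    print(db["john"]["digest"] != db["david"]["digest"])
    print(verify(db, "john", "correct horse"), verify(db, "john", "guess"))
    print(change_password(db, "john", "correct horse", "new phrase"))
    print(verify(db, "john", "correct horse"), verify(db, "john", "new phrase"))
```

Because each record carries its own salt, two users with the same password get different digests, so a stolen table cannot be attacked with a single precomputed lookup.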
