On 12/09/11 23:15, David Jordan wrote:
> Hi John
> I have not played around with the encryption, but to my knowledge this is not 
> the way it works.  The password is related to the data encrypted, not to the 
> user, so every user would require the same key for the data.  To change the 
> key you need to unencrypt and reencrypt the data.
> 
And what would happen if the user changed their password?

Plus, where would he get the password from? The password should NEVER
EVER be stored ANYWHERE. Any half-way decent security system mangles the
password on input, and stores the mangled version. A one-way mangle. If
a system is capable of telling you what your password is, it is not
secure (and it's dangerous. People re-use passwords. If a hacker gets
hold of that password database how many other systems have just been
compromised?)

> The other option is encryption at rest where the whole database is encrypted. 
>  This has been greatly enhanced in Rel11 of UniVerse.
> 
Cheers,
Wol
_______________________________________________
U2-Users mailing list
U2-Users@listserver.u2ug.org
http://listserver.u2ug.org/mailman/listinfo/u2-users
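
The one-way "mangle" described in the message above, as an added example that is not part of the original post and is not UniVerse code. The choice of PBKDF2-HMAC-SHA256, the work factor, and all function and user names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not taken from the thread
SALT_LEN = 16


def _mangle(password: str, salt: bytes, iterations: int) -> bytes:
    """One-way derivation: cheap to recompute, infeasible to invert."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """Build what the system stores: salt, work factor and digest, never the password."""
    salt = os.urandom(SALT_LEN)  # per-user salt: equal passwords give unequal records
    return {"salt": salt, "iterations": ITERATIONS,
            "digest": _mangle(password, salt, ITERATIONS)}


def verify(password: str, record: dict) -> bool:
    """Re-mangle the candidate with the stored salt and compare in constant time."""
    candidate = _mangle(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def change_password(store: dict, user: str, old: str, new: str) -> bool:
    """Replace the stored record only when the old password verifies."""
    record = store.get(user)
    if record is None or not verify(old, record):
        return False
    store[user] = make_record(new)  # fresh salt, old digest discarded
    return True


if __name__ == "__main__":
    # Constructed sample users; both pick the same password.
    store = {"alice": make_record("correct horse"),
             "bob": make_record("correct horse")}
    print("same password, same digest?",
          store["alice"]["digest"] == store["bob"]["digest"])
    print("login ok:", verify("correct horse", store["alice"]))
    print("change ok:", change_password(store, "alice", "correct horse", "new secret"))
    print("old password still works?", verify("correct horse", store["alice"]))
```
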
