Hylton Conacher(ZR1HPC) wrote:
User C now tries to see the confidential documents by using the username and what he thinks User A' password is ie he wants to login as though he was User A.
If I was user C, I wouldn't try to log in. I'd just steal the backup. Or the hard disk of the server. If the data really is important: (1) encrypt all the data, including the backups (2) physically secure the hardware - lock it all in a strong windowless interior room (lock the backups in a vault somewhere else) (3) only permit login attempts by authenticated people, preferably authenticated by another person (e.g. only permit login attempts from a terminal within the locked room, accompanied by a security guard) For anything more complex, *don't* read the books - hire a security consultant who knows the pitfalls. Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org