On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote: > Unfortunately you still need to store them somewhere, and all systems can > be hacked. Yes. I agree, in principle, that "don't store them" is the best advice -- this is standard _Translucent Databases_ advice, too. For the least-stealable data is the data you don't have. But if there is a business case, you have to do the trade off. And security is always a tradeoff (to quote Schneier); just do it well. (Someone else's advice about hiring a security expert to audit this sort of design is really a good idea.) A -- Andrew Sullivan | ajs@xxxxxxxxxxxxxxx The plural of anecdote is not data. --Roger Brinner
