On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote: > Unfortunately you still need to store them somewhere, and all systems can > be hacked.
Yes. I agree, in principle, that "don't store them" is the best advice -- this is standard _Translucent Databases_ advice, too. For the least-stealable data is the data you don't have. But if there is a business case, you have to do the trade off. And security is always a tradeoff (to quote Schneier); just do it well. (Someone else's advice about hiring a security expert to audit this sort of design is really a good idea.) A -- Andrew Sullivan | [EMAIL PROTECTED] The plural of anecdote is not data. --Roger Brinner ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly