Re: Creditcard Number Security was Re: Encrypted column

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Creditcard Number Security was Re: Encrypted column
Date: 2007-06-05 20:51:21
Message-ID: 20070605205121.GB6595@phlogiston.dyndns.org
Lists: pgsql-general

On Tue, Jun 05, 2007 at 07:29:02PM +0100, Peter Childs wrote:
> Unfortunately you still need to store them somewhere, and all systems can
> be hacked.

Yes. I agree, in principle, that "don't store them" is the best
advice -- this is standard _Translucent Databases_ advice, too. For
the least-stealable data is the data you don't have.

But if there is a business case, you have to do the trade off. And
security is always a tradeoff (to quote Schneier); just do it well.
(Someone else's advice about hiring a security expert to audit this
sort of design is really a good idea.)

A

--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
The plural of anecdote is not data.
--Roger Brinner
