18-02-2013, 10:47 PM -
Why don't you just add one value per user? No need to make one for all users plus one for each of them... I'm not sure how much this "double encryption" affects performance V.S. trouble for possible hackers though.
How do you want to avoid one user being targeted? Lets say the hacker targets a root or administrator account, makes two of those tables, cracks the password, changes the SUPERSECRETFIXEDVALUE ^^ and swipes all log files.
Then again is our profile encrypted too (like the e-mail or address)?
Â
Oh and is it a good idea to discuss security relevant stuff on a public forum? Or are these informationa every decent hacker would find out by her/himself?
Â
I really love this kind of discussions ^^
How do you want to avoid one user being targeted? Lets say the hacker targets a root or administrator account, makes two of those tables, cracks the password, changes the SUPERSECRETFIXEDVALUE ^^ and swipes all log files.
Then again is our profile encrypted too (like the e-mail or address)?
Â
Oh and is it a good idea to discuss security relevant stuff on a public forum? Or are these informationa every decent hacker would find out by her/himself?
Â
I really love this kind of discussions ^^
![[Image: boi10qlavfy6wwvye.png]](http://666kb.com/i/boi10qlavfy6wwvye.png)