Corrupted Member Data
Member data must be protected from unauthorized outside access.
If your site security is breached your member file may be
vulnerable in multiple ways. If it can be changed by
unauthorized users, the results are likely to be similar to
other unauthorized changes to information on
your site. It could be embarrassing because wrong information is
presented or member access might be denied because members cannot
be authenticated against the altered data.
It might be worse if the changed data were actually part of your
central member database. As long as adequate backups are
maintained, losing the entire member file on the web site or even
a central database accessible to the web site would not likely be
more than a significant nuisance.
If the web site has direct update access to the central member
database or collects data that is subsequently merged into the
central member database, problems much worse than losing the
entire member file are possible. Among the most damaging
would be the introduction of widespread data changes,
either pseudo random or systematic, scattered throughout the
member database. If member data is updatable either directly or
indirectly from the web, then such changes might be perpetrated
by a skilled cracker. Correcting such damage could be very costly
depending on how long the damage went undetected and how
extensive the damage is.
Unless the damage is detected almost immediately, it would not be
feasible to restore data from backups. If the damage were
undetected more than a few days it would almost certainly be
necessary to develop custom programs that compared current data
to backups that were known to be prior to the damage and then
manually correct improperly changed data. Recourse to paper
documents or other records outside the system might be necessary.
Top of Page -
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is