You have seen that in some circumstances gaining control of Informix without a user ID and password is trivial; the attacker needs only to exploit the overly long username buffer overflow. If the attacker already has a user ID and password, he may be able to use one of the techniques described here to compromise the server. That said, with a few patches and configuration changes, Informix can be made considerably more secure and able to withstand attack. The next chapter looks at securing Informix.