thielj
See second paragraph here: https://learn.microsoft.com/en-us/azure/mariadb/concepts-security Without a (hardware based) KMS infrastructure in place, MariaDB's encryption at rest features won't be of much help.
Every backup will be in cleartext (except for file system based snapshots before you start nitpicking). Every other leak of database connection details will be able to access the data...
As I said before, I'm no JS programmer. But it's something like this to set you up.
```js
const crypto = require('crypto');
const key = crypto.scryptSync(user_supplied_seed, your_chosen_salt, 24);
const iv...
```
We're running in circles here. Just read my comment you marked as spam. You have two choices: 1. limit your user's exposure in cases where a partial exploit of U-K...
> I don't think that for this attacker, having symmetric crypto stored in the DB would make a difference, if we store the key material in the environment variables. Where...
You're not just planning to do something which you repeatedly argue against as making no difference - you're even going further and plan to write that information to disk. I'm...
> If one of these goals comes into conflict with security or data protection, we are going to choose the better UX.

Put that on top of your README
How do I remove a label?
The primary advantage of passing a user a link (with a longer expiration than 5 minutes, obviously) is that it enforces a password change before the user can login. This...