Sprint 3 - Encrypting Database files

DeltaO3 / UWAttend---3200_27

Repository for CITS3200 group 27

1 stars 1 forks source link

Sprint 3 - Encrypting Database files #63

Closed Ay1tsMe closed 1 month ago

Ay1tsMe commented 2 months ago

Local database files need to be encrypted for security reasons. They should not be accessible by a user unless they have encryption keys.

From a bit of research, best practice is to:

Enable TDE that connects to the database
Generate and distribute encryption keys to each team member (NOT THROUGH GIT!!!)

DeltaO3 commented 1 month ago

Is this about security through the hosting service? We dont have local database files anymore.

Ay1tsMe commented 1 month ago

app.db needs to encrypted. Otherwise anyone who has access to app.db can query the data (Main concern is a black hat having access to all records of students). Both on the server and locally when we initialising app.db, the code should encrypt the database.