GDPR: Review checkpoint service security

dotmesh-io / dotmesh

dotmesh (dm) is like git for your data volumes (databases, files etc) in Docker and Kubernetes

https://dotmesh.com

Apache License 2.0

539 stars 29 forks source link

GDPR: Review checkpoint service security #438

Open alaric-dotmesh opened 6 years ago

alaric-dotmesh commented 6 years ago

Do we adequately protect data from the checkpoint service? Is the ping from the user's DM cluster to our checkpoint service done over HTTPS? Is the onward transit of the tracking data to segment done securely?

We need to protect against attackers viewing the data therein.

alaric-dotmesh commented 6 years ago

If there's no Personally Identifiable Information (PII) collected, we don't need to worry so much about https://github.com/dotmesh-io/dotmesh/issues/437 (checkpoint service security)!