google-code-export / sandy-disaster-recovery

Automatically exported from code.google.com/p/sandy-disaster-recovery

Encrypt DB #24

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If possible, the database should be stored encrypted.  It should go without 
saying that authentication data (such as passwords) should be hashed with a 
strong algorithm.  Sensitive data such as a person's name, age, address, and 
contact information is the next highest priority to secure.

Original issue reported on code.google.com by v...@aarontitus.net on 5 Nov 2012 at 9:21

GoogleCodeExporter commented 9 years ago
I'll be honest. This is not the weakest link in our security. If we want to hit 
the lowest hanging fruits, we should be adding XSRF protection and using OpenID 
or Google Accounts for authentication. The probability of Google's servers 
being hacked to read these data is very low, much lower than the probability of 
them being intercepted by a malicious user.

Original comment by rostovp...@gmail.com on 7 Nov 2012 at 3:40

GoogleCodeExporter commented 9 years ago
Fair enough.

Original comment by v...@aarontitus.net on 7 Nov 2012 at 4:34