
The utility has a means of encrypting them with public key cryptography so that the plaintext is never in your development directory. GP thinks this should be made mandatory.


Point is: where and how do you get this key when in prod?


Part of my point is that if you care about security, you need to be thinking about these things. Forcing encryption then also forces you to think about how to provide the key. Of course, it's possible to do this in a very insecure way that defeats the purpose of encryption in the first place, but I think it moves things in the right direction.


The "securest" way is: you start your app and the app awaits the input of the key; it is only in the RAM.

But in reality, nobody will do that.
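The two halves of the approach the thread describes, as an added example in Go (standard library only; not code from the thread or from any particular utility): encryptSecrets is the dev-side step that seals each value under a public key so only ciphertext is committed, and loadSecrets is the startup step that takes the private key the operator supplied at launch (assumed already parsed from whatever was typed or piped in) and keeps plaintext only in memory. The function names and the NAME=base64 line format are my own assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Dev side: seal each secret with the deployer's public key, binding the
// secret's name as OAEP label, so only ciphertext lands in the repo.
func encryptSecrets(pub *rsa.PublicKey, secrets map[string]string) (string, error) {
	var b strings.Builder
	for name, value := range secrets {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(value), []byte(name))
		if err != nil {
			return "", err
		}
		fmt.Fprintf(&b, "%s=%s\n", name, base64.StdEncoding.EncodeToString(ct))
	}
	return b.String(), nil
}

// Prod side, at startup: priv is whatever the operator typed or piped in
// (assumed parsed by the caller; held only in process memory, never written
// to the deploy tree), and plaintext values exist only in the returned map.
// A ciphertext moved under another name fails because the label no longer matches.
func loadSecrets(priv *rsa.PrivateKey, encrypted string) (map[string]string, error) {
	out := make(map[string]string)
	for _, line := range strings.Split(encrypted, "\n") {
		name, b64, ok := strings.Cut(line, "=")
		if !ok {
			continue // blank or malformed line
		}
		ct, err := base64.StdEncoding.DecodeString(b64)
		if err != nil {
			return nil, err
		}
		pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(name))
		if err != nil {
			return nil, fmt.Errorf("decrypt %s: %w", name, err)
		}
		out[name] = string(pt)
	}
	return out, nil
}
```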



