Collaborate Disseminate
I want to make it impractical to link the users to their sensitive data without their passwords – even with a full access to the database.
Furthermore, if a user has multiple pieces of sensitive data, I also want to avoid linking the diffe… Continue reading Encrypting links between registered users and their sensitive data
After reading through the answers of the related question (the same question but about integer primary keys), I was wondering if there is any reason to hash uuidv4 primary keys and sending the hash to the frontend instead.
Since uuidv4 Ids… Continue reading Should I obscure database primary keys for the frontend even if these ids are uuidv4 Ids?
Given a server hosted on a cloud platform, what would stop the cloud platform owner from stealing the server’s data and/or code?
As far as I can tell, a motivated cloud owner could retrieve the data in its servers while keeping plausible d… Continue reading What (aside from the law) prevents cloud-hosting owners from eavesdropping on servers/code?
We had MongoDB on a server that only listen is own, but our client required us to change MongoDB to another server, so first I ask them if the network was private or I should set a firewall to do the replica and then changed the other conf… Continue reading How can MongoDB be hacked on a private network [closed]
Why is it a big deal here on this website and on the internet about the "ISP spying on people’s browsing activities"?
Because in the end, ISPs are going to delete all User data as per their own data retention policies. If in the … Continue reading Why is it a big deal here on this website and on the internet about the "ISP spying on people’s browsing activities"? [closed]
My previous posting on the Proud Boys spam email speculated that voter records were widely available for such purposes. Here’s a story from 2017 reporting that voter data for about 198 million Americans was spilled from a “storage bucket” on Amazon’s S… Continue reading Old Story: Leaked Voter Records
I’m developing a web-app which communicates with an external email message application through its HTTP API. My web-app consists of a JS (Svelte) front-end and a Node.js back-end.
Each user on my app will be getting a different API key fo… Continue reading Saving secrets (API-keys for external application) per user in database (PKI?)
Give that OrientDB exposes a REST HTTP API, and that it seems to have quite a few security features, what are the (especially security) implications of querying OrientDB directly from a front end web application, without writing and using … Continue reading Implications of querying OrientDB directly from front-end
I was planning to start a project that’s sort of like a hybrid mix of banking system and commercial system.
In such case, considering that I need to encrypt the data at database level with a prevention of both insider’s and outsider’s atta… Continue reading Is centralized key management better or decentralized key management better to prevent attacks on database level?
Can a specific table in a database be flagged as immune to backups so that an attacker who has compromised not only your database and web server application source code, except also all of your on-site database backups does not have access… Continue reading Can a specific table be made immune to backups?