Hacker News new | ask | show | jobs
by wglb 3183 days ago
That protects the data between the browser and the web server (or SSL offloader) from eavesdropping and tampering. It does not protect against the case where the attacker gains authorization, over HTTPS, to administrative access at the web server.
1 comments
paulddraper 3183 days ago
Right. So what hypothetical encryption was cody8295 referring to?
link
FuckOffNeemo 3183 days ago
As stated above, the data was not encrypted at rest.
link
paulddraper 3183 days ago
Encrypting at rest wouldn't have solved anything.

They didn't steal the disk. They gained access to the web server, which would have access to the unencrypted data.

link