|
|
|
|
|
|
by steve19
5534 days ago
|
|
|
I love your product but your encryption is pretty useless and y'all must know it. It only protects my data if your S3 account is compromised. There is a much greater chance that your web frontend, servers or client are compromised (either by an external or internal attacker) and then my files are easily accessed and decrypted. It is like naive programmers who store user passwords with 'government level encryption' instead of correctly salting and hashing them, thus having to put encryption key in the source code select AES_ENCRYPT("user password", "our secret key"); Saying your CEO can't access it, is just more security theater. |
|
|