by jasfi
1938 days ago
I've thought about this, and researched it too, and see two problems with encrypting user data in the DB:
1. You would have to use an external search engine to index user data, and that would need encryption too.
2. If the user forgets their password then their data is inaccessible.
There are ways around 2, but the most obvious way is to encrypt the password with answers to 3 common but difficult to know questions.

If your data is stored in a 3rd party database it's common to just use one secret key (which only your app has access to) for all the data to prevent the 3rd party from reading it.