|
|
|
|
|
|
by Someone
1214 days ago
|
|
|
> realistically if your DB is compromised, your encryption key probably is too, because they probably got in through your application which holds the key in memory. Not necessarily. It can reside in memory that isn’t readable by your web application (e.g. in a different process, in the OS kernel, in Apple’s Secure Enclave or ARMs TrustZone)) If your hardware supports something like that, you should seriously consider using it. |
|
|