|
|
|
|
|
|
by nine_k
738 days ago
|
|
|
An intruder gains access to an API box, and could try to read sensitive data from a DB. But the interesting fields are encrypted, and the key is somewhere in RAM. Not impossible to exfiltrate, but takes much longer time and more skill, thus cannot be made an unattended malware payload. Also, a key for one customer won't give access to data of other customers, even if the common database access credentials are obtained. |
|
|