|
|
|
|
|
|
by rickycook
4388 days ago
|
|
|
Not to mention that it will protect the data at rest in the DB, where storing crypto keys on the server is as bad as plain text because they can just be harvested from wherever you store them... Obviously. Now, if your server is compromised then the attacker can deliver JS to the client, but the client needs to load the page and decrypt their data for this to apply; the attacker can't just wholesale steal all your data. |
|
|