by elchief
4106 days ago
It can help in the following scenarios:
1. Hacker steals db but does not compromise web servers (because the hmac pepper key lives on the web servers and not in the db)
2. Hacker can run SQL Injection via web server, but cannot otherwise access web server memory/process
3. HMAC key is stored in a hardware security module and hacker cannot gain physical access
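
The arrangement the comment describes, as an added example that is not part of the original comment: the password is first keyed with an HMAC pepper held outside the database, then run through a slow salted hash whose output is the only thing stored. The function names, the PBKDF2 choice and its round count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Step 1: keyed HMAC with the pepper, which is never written to the database.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Step 2: slow, salted hash of the HMAC output; this is what gets stored.
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)


def hash_password(password: str, pepper: bytes) -> dict:
    """Build the record as it would be stored in the database."""
    salt = secrets.token_bytes(16)  # per-user salt, stored beside the hash
    return {"salt": salt, "hash": _derive(password, salt, pepper)}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    candidate = _derive(password, record["salt"], pepper)
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def demo() -> dict:
    # Constructed values: in production the pepper comes from web server
    # configuration or an HSM, never from the database.
    pepper = secrets.token_bytes(32)
    record = hash_password("correct horse", pepper)
    other_key = secrets.token_bytes(32)  # stands in for "pepper not known"
    return {
        "right_password_with_pepper": verify_password("correct horse", record, pepper),
        "wrong_password_with_pepper": verify_password("wrong", record, pepper),
        # Database-only view: salt and hash are known but the pepper is not,
        # so even the correct password cannot be confirmed against the record.
        "right_password_without_pepper": verify_password("correct horse", record, other_key),
    }


if __name__ == "__main__":
    print(demo())
```

With an HSM, step 1 would be a call to the module so the key never sits in web server memory.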