We should encrypt (with salt) the tokens in the datastore, with a static key deployed with the app. Tokens are already encrypted at rest, and this isn't a silver bullet against other attacks, but it defends against SQL injection style attacks that exfiltrate keys through the app itself. (We're not subject to SQL injection since we don't use SQL, but the broader idea still applies.)
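The proposal above, sketched as an added example (not code from this project): application-level token encryption with AES-GCM from Go's standard library, so a read of the datastore through the app returns only ciphertext. The choice of cipher and language, the function names, the binding of the entity ID as associated data, and all sample values are assumptions, not details from the issue.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newAEAD builds AES-GCM from the static app key (32 bytes selects AES-256).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealToken uses a fresh random nonce (the salt) and binds entityID as associated data.
func SealToken(key []byte, entityID, token string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(token), []byte(entityID)) // nonce || ciphertext || tag
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// OpenToken fails on a wrong key, an edited value or a different entityID.
func OpenToken(key []byte, entityID, stored string) (string, error) {
	aead, err := newAEAD(key)
	raw, decErr := base64.StdEncoding.DecodeString(stored)
	if err != nil || decErr != nil || len(raw) < aead.NonceSize() {
		return "", fmt.Errorf("malformed key or stored token")
	}
	pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(entityID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; the real one ships with the app, outside the datastore
	rand.Read(key)
	stored, _ := SealToken(key, "user:123", "constructed-sample-token")
	fmt.Println(OpenToken(key, "user:123", stored))
}
```

Because the entity ID is authenticated along with the ciphertext, a stored value copied onto a different entity fails to decrypt instead of yielding someone else's token.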