Zephyn
Bluelighter
- Joined
- Oct 31, 2020
- Messages
- 2,054
It would be good if, upon creating an account, PGP (or better) keys were generated for the user and encrypted with their password. All you store in your db is their password hash and PGP-encrypted messages, which are decrypted on the fly with their password, which you could store in the session. Have no session logs, or route them to /dev/null.
Obviously not perfect, but better security.
This would protect your users in the event your db is ever hacked or seized, and wouldn't require any special effort from the end user.
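The scheme described in the post above, as an added example that is not part of the original post and not code from any forum software. It uses Node.js's built-in `crypto` module, with RSA-OAEP plus AES-256-GCM standing in for PGP; the function names, record layout and sample values are assumptions.

```javascript
// Added sketch; names and record layout are assumptions, not real forum code.
const { generateKeyPairSync, scryptSync, randomBytes, timingSafeEqual,
        createCipheriv, createDecipheriv, publicEncrypt, privateDecrypt,
        createPrivateKey } = require("crypto");

// Signup: the database row holds a login hash, the public key, and the
// private key encrypted under the password. No plaintext key is stored.
function createAccount(password) {
  const salt = randomBytes(16);
  const { publicKey, privateKey } = generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem",
                          cipher: "aes-256-cbc", passphrase: password },
  });
  return { salt, pwHash: scryptSync(password, salt, 32),
           publicKey, encPrivateKey: privateKey };
}

function checkPassword(user, password) {
  return timingSafeEqual(scryptSync(password, user.salt, 32), user.pwHash);
}

// Storing a message needs only the public key, so it works while the
// recipient is logged out. A fresh AES-256-GCM key is wrapped with RSA-OAEP.
function storeMessage(user, plaintext) {
  const key = randomBytes(32), iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  const wrappedKey = publicEncrypt({ key: user.publicKey, oaepHash: "sha256" }, key);
  return { iv, body, tag: c.getAuthTag(), wrappedKey };
}

// Reading needs the password from the live session; a wrong one throws
// when the private key fails to decrypt.
function readMessage(user, password, msg) {
  const priv = createPrivateKey({ key: user.encPrivateKey, passphrase: password });
  const key = privateDecrypt({ key: priv, oaepHash: "sha256" }, msg.wrappedKey);
  const d = createDecipheriv("aes-256-gcm", key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString("utf8");
}
```

In this layout a password change means re-encrypting `encPrivateKey` under the new password, and a password reset without the old password leaves earlier messages unreadable.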