Mr. (Or should I say Doctor) Waddingham! This is a really brilliant essay on the risk, benefits and rewards in multiple scenarios concerning the storage of keys. I’ve mentioned before that I came up with the idea of “poisoning” the encrypted data before the data was transmitted. If intercepted in transit, the data itself could never be decrypted without knowing how it was poisoned and what was needed to “cleanse” it. And that would require access to either the API of the device doing the corruption or the cleansing, or else someone who knew the method.
By using this method, all but physical and social vectors are nullified. And control of those vectors is an illusion.

Bob S

Sent from my iPhone

> On Jun 24, 2022, at 13:22, Mark Wieder via use-livecode <use-livecode@lists.runrev.com> wrote:
>
> On 6/24/22 10:04, Mark Waddingham via use-livecode wrote:
>
>> The only way to use these keys is from server scripts running on a server
>> which you do your best to maintain the security of. Ideally these keys
>> should be stored in files which are only readable by specific users -
>> usually the web-server user which is running the backend scripts which needs
>> to make the requests.
>
> Or as server environment variables retrieved only by server scripts which are
> not user-accessible.
>
> --
> Mark Wieder
> ahsoftw...@gmail.com
>
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
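The two storage options quoted in this thread (a key file readable only by the web-server user, or a server environment variable) can be enforced at load time. The following is an added example, not code from any poster or from LiveCode; the names `read_key_file`, `load_api_key`, `InsecureKeyFile` and the `API_KEY` variable are hypothetical, and it assumes a POSIX server where the script runs as the web-server user.

```python
import os
import stat


class InsecureKeyFile(Exception):
    """The key file could be read or replaced by someone other than its owner."""


def read_key_file(path, expected_uid=None):
    """Return the key stored at path, refusing files that are not owner-only."""
    if expected_uid is None:
        # Assumption: this script runs as the web-server user that owns the key.
        expected_uid = os.geteuid()
    # O_NOFOLLOW: fail rather than follow a symlink planted at the key path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat the descriptor we opened, so the check and the read
        # refer to the same file even if the path is swapped afterwards.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureKeyFile(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise InsecureKeyFile(
                f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
        if st.st_mode & 0o077:
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureKeyFile(
                f"{path}: mode {mode:o} grants group/other access")
        with os.fdopen(fd, "r", closefd=False) as fh:
            return fh.read().strip()
    finally:
        os.close(fd)


def load_api_key(env_name="API_KEY", file_path=None):
    """Prefer the server environment variable, else an owner-only key file."""
    value = os.environ.get(env_name)
    if value:
        return value
    if file_path is None:
        raise KeyError(f"{env_name} is not set and no key file was given")
    return read_key_file(file_path)
```
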