This is a great best-practice explanation. Perhaps someone can turn it into a blog post and put it on the site. Thanks again
On Fri, Jun 24, 2022 at 6:24 PM Bob Sneidar via use-livecode < use-livecode@lists.runrev.com> wrote: > Mr. (Or should I say Doctor) Waddingham! This is a really brilliant essay > on the risk, benefits and rewards in multiple scenarios concerning the > storage of keys. I’ve mentioned before that I came up with the idea of > “poisoning” the encrypted data before the data was transmitted. If > intercepted in transit, the data itself could never be decrypted without > knowing how it was poisoned and what was needed to “cleanse” it. And that > would require access to either the API of the device doing the corruption > or the cleansing, or else someone who knew the method. > > By using this method, all but physical and social vectors are nullified. > And control of those vectors is an illusion. > > Bob S > > Sent from my iPhone > > > On Jun 24, 2022, at 13:22, Mark Wieder via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > > On 6/24/22 10:04, Mark Waddingham via use-livecode wrote: > > > >> The only way to use these keys is from server scripts running on a > server which you do your best to maintain the security of. Ideally these > keys should be stored in files which are only readable by specific users - > usually the web-server user which is running the backend scripts which > needs to make the requests. > > > > Or as server environment variables retrieved only by server scripts > which are not user-accessible. > > > > -- > > Mark Wieder > > ahsoftw...@gmail.com > > > > _______________________________________________ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
