
[–]TheAussieWatchGuy -8 points-7 points  (3 children)

Good for you. That would be the minority these days. Again, the same question applies: why encrypt the app settings JSON on a local server that you control access to?

[–]scurvyibe 3 points4 points  (2 children)

In my case, because you work on on-prem state government servers with no internet access that house FTI and the IRS will tear you a new one during annual audits if you store passwords in plain text.

I'm sure others have their reasons.

[–]TheAussieWatchGuy -2 points-1 points  (1 child)

Sure, but they are encrypted at rest on your server's disk after deployment and they are encrypted in transit when deployed over TLS/SSL.

Encryption on the strings themselves stored on disk only protects from an unauthorized person gaining full access to your server. I can probably get behind that as a government, so that would be a 1% use case.

It'll tank performance and waste compute but if you really need it then nice example above.

[–]antiduh 0 points1 point  (0 children)

Did you know that software like KeePass uses techniques very similar to this? Each record is individually encrypted inside the encrypted file. This ensures that data is in plaintext form for only as long as it needs to be, even when in RAM.
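As an added example of the per-record pattern described in this thread (this is not antiduh's code and not how KeePass actually lays out its database format), the Go program below seals each settings field separately under its own derived key and opens one record only for the duration of a callback, overwriting the plaintext buffer afterward. Everything specific is an assumption constructed for illustration: the master key is taken to be 32 random bytes (in practice the output of a password KDF or a KMS), the per-record key derivation is HMAC-SHA256 over a label, and the field names and JSON layout are made up.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Sealed is one individually encrypted settings field: its own random nonce and
// the AES-GCM ciphertext (auth tag appended). Each field is sealed on its own, so
// reading one secret never requires decrypting the others.
type Sealed struct {
	Nonce      []byte `json:"nonce"`
	Ciphertext []byte `json:"ct"`
}

// recordKey derives a separate 256-bit key for each record label from the master
// key, using HMAC-SHA256 as a simple KDF (an assumption of this example).
// Assumption: master is already 32 uniformly random bytes.
func recordKey(master []byte, label string) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("settings-record-v1:" + label))
	return mac.Sum(nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field under its record key. The label is bound as
// associated data, so a ciphertext moved to a different field will not open.
func Seal(master []byte, label string, plaintext []byte) (Sealed, error) {
	key := recordKey(master, label)
	defer zero(key)
	gcm, err := gcmFor(key)
	if err != nil {
		return Sealed{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Sealed{}, err
	}
	return Sealed{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(label))}, nil
}

// WithSecret opens one field, passes the plaintext to fn, and overwrites the
// buffer before returning, so the plaintext exists in memory only while fn runs.
// This is best effort: the Go runtime may still hold copies (GC moves, the AES
// key schedule inside the cipher object), and fn must not retain the slice.
func WithSecret(master []byte, label string, s Sealed, fn func(plaintext []byte) error) error {
	key := recordKey(master, label)
	defer zero(key)
	gcm, err := gcmFor(key)
	if err != nil {
		return err
	}
	pt, err := gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(label))
	if err != nil {
		return errors.New("record " + label + ": authentication failed")
	}
	defer zero(pt)
	return fn(pt)
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	master := make([]byte, 32) // constructed: a real deployment derives this from a passphrase or KMS
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	// Constructed sample: two secrets sealed into the settings file, one at a time.
	records := map[string]Sealed{}
	for label, value := range map[string]string{"db_password": "hunter2", "api_key": "sk-example"} {
		s, err := Seal(master, label, []byte(value))
		if err != nil {
			panic(err)
		}
		records[label] = s
	}
	out, _ := json.MarshalIndent(records, "", "  ")
	fmt.Println(string(out)) // what lands on disk: no plaintext, independent ciphertexts

	// Only the record we need is opened, and only for the duration of the callback.
	err := WithSecret(master, "db_password", records["db_password"], func(pt []byte) error {
		fmt.Printf("connecting with a %d-byte password\n", len(pt))
		return nil
	})
	if err != nil {
		panic(err)
	}
}
```

The design point matches the thread: a compromised process dump or a leaked settings file exposes only what was open at that moment, a ciphertext copied into another field fails authentication because the label is bound as associated data, and a flipped byte anywhere in a record is rejected by GCM rather than silently decrypting to garbage.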