Timeline for Web Application encryption key management
Current License: CC BY-SA 3.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 4, 2011 at 11:01 | answer | added | AviD♦ | timeline score: 31 | |
| Jun 30, 2011 at 20:47 | vote | accept | Rob | ||
| Jun 27, 2011 at 14:59 | comment | added | Rob | @D.W.: thank you for the suggestions. I have tried to add some more information above, but also I am trying to keep this generic. Not so much because I don't want to discuss details but because I'm interested in this specific aspect of encryption and web applications. You are correct that it may not be the best or even a suitable solution. Hopefully soon I can get some more detail oriented questions out here, but I'm looking to learn more about this aspect of encryption as I don't feel that it's well discussed in resources I've read (meaning I'm probably missing stuff!). Thanks again! | |
| Jun 27, 2011 at 14:56 | history | edited | Rob | CC BY-SA 3.0 |
added 598 characters in body
|
| Jun 26, 2011 at 6:31 | comment | added | this.josh | Sometimes it is difficult to bridge the gap between theory and implementation. Most of those resources are assuming you are familiar with both the theory and the practice, and are able to translate "protect the data" into encryption, key (creation, storage, use, and retirement), hashing, user account management, access controls, loggin, auditing, indentification, authentication, authorization, ... Well you get the idea. Security is complicated. | |
| Jun 26, 2011 at 4:31 | comment | added | D.W. | This question is poorly posed. Why do you want to use encryption? What threats are you trying to defend against? It is not clear that encryption is of any use whatsoever here, given that the web app has the keys to both encrypt and decrypt all the data. I suggest you're more likely to get useful answers if you explain what problem you are trying to solve and what the threat model and constraints are, rather than pre-supposing that a particular mechanism (e.g., encryption) is the answer. | |
| Jun 25, 2011 at 17:28 | history | tweeted | twitter.com/#!/StackSecurity/status/84674382647132161 | ||
| Jun 24, 2011 at 15:40 | answer | added | Rakkhi | timeline score: 11 | |
| Jun 24, 2011 at 15:00 | history | asked | Rob | CC BY-SA 3.0 |