-
@zdanl, thanks for raising this!
So, if the project owner only has the key, how would Appwrite decrypt any of the project data for any of the operations needed for end users? For example, if you set up OAuth2 integration with Google, you have to give Appwrite a client ID and secret. This client ID and secret need to be used when end users log in for the OAuth2 flow.
-
The ability to scale is paramount and Appwrite Cloud for sure looks like a functional and profitable, viable business model. Unfortunately it's a bit like giving your users' data to Firebase, neutralizing the ideals and promise of self-hosted and open source in general.
I haven't thought this through, but is there a way to generate a cryptographic key upon first registration of the Appwrite Project Owner, that he or she retains in the browser (Passkey API) or a password manager like Proton Pass, limiting Appwrite employees' ability to grasp the contents of a MariaDB even if they wanted to?
I realize most use cases, even querying, or displaying user-owned data back in the app, prevent this categorically, but there is an academic concept called Homomorphic Encryption:
https://stackoverflow.com/questions/50467084/execution-of-homomorphic-encrypted-queries-on-databases
https://en.m.wikipedia.org/wiki/Homomorphic_encryption
Food for thought.