Replies: 1 comment
-
Agreed; secrets not being encrypted at rest is very dangerous.
-
As far as I am informed, today all data is stored in plain text, both in local storage and, even more seriously, on the server, be it on premise or in the cloud.
In discussion #3020 there was no contrary statement regarding "what is their security".
In my case we have more than 300,000 employees, so internal hosting is far from enough to protect the credentials used and stored.
Both hoppscotch.io and self-hosted are, in principle, a gigantic honeypot for evil activities without data encryption at the user/team level.
To make a suggestion: environments, but better also the collections, should be encrypted user/team-wise, with an additional password per team/user which is not known to the backend and is used only for client-side encryption and decryption.
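The suggestion in the post above, sketched as an added example that is not Hoppscotch code and not part of the original discussion: an environment is sealed on the client with a key derived from a team password, so the backend only ever stores the resulting record. The function names, record fields, and scrypt parameters are assumptions, and Node's `crypto` module stands in for the browser's WebCrypto API so the block runs stand-alone.

```javascript
// Added example (hypothetical names): client-side sealing of an environment.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Assumed KDF cost; tune for the slowest client device that must unlock a team.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  // The password never leaves the client; only salt, IV, tag and ciphertext do.
  return scryptSync(password.normalize("NFKC"), salt, 32, SCRYPT);
}

// Binding team and environment name as AAD means a stored record cannot be
// silently moved to another team or renamed without decryption failing.
function aadFor(teamId, envName) {
  return Buffer.from(JSON.stringify([teamId, envName]), "utf8");
}

function sealEnvironment(teamId, envName, variables, password) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh 96-bit nonce for every save
  const cipher = createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  cipher.setAAD(aadFor(teamId, envName));
  const data = Buffer.concat([cipher.update(JSON.stringify(variables), "utf8"), cipher.final()]);
  return {
    v: 1, kdf: "scrypt", teamId, envName,
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    data: data.toString("base64"),
  };
}

function openEnvironment(record, password) {
  const key = deriveKey(password, Buffer.from(record.salt, "base64"));
  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "base64"));
  decipher.setAAD(aadFor(record.teamId, record.envName));
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  // final() throws on a wrong password or a tampered or relocated record.
  const plain = Buffer.concat([decipher.update(Buffer.from(record.data, "base64")), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Constructed sample data: this record is all the server would receive.
const demoRecord = sealEnvironment("team-42", "staging",
  { API_TOKEN: "constructed-sample-token" }, "constructed team passphrase");
console.log(Object.keys(demoRecord).join(","));
```

Losing the team password makes the stored environments unrecoverable by design, so any real deployment of this idea also needs a key-rotation and recovery story.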