I have the following requirement: Users on my site have some sensitive data, meaning that ONLY the owner user should be able to read it. In other words: I have to make sure that not even the site/sql administrators can (human) read the content.
I am trying to implement the following approach: When saving the data, encrypt it by using the user password. When serving the data to the user, decrypt it using the user's password. I can handle the password-change scenario by re-encrypting the user data. However, the issue is that the only time I have the user password is during Loging-In and I am not sure it's a good idea to 'hold on to it' by storing it in the user profile in-mem object.
So, how would I go about such requirement? Again - the goal is that only the user should be able to en/decrypt their data on the fly. Any tips appreciated.
Aucun commentaire:
Enregistrer un commentaire