This repository was archived by the owner on Jun 25, 2018. It is now read-only.

Document the security mechanisms used #54

@gggeek

It would be nice to know a bit more about how encryption is used in this project, so that would-be users can evaluate it easily before adoption and testing.

Things like what data is encrypted, when and how, and what is not.

Having a threat model document would be wonderful, describing common attack scenarios and whether this app is good at preventing them. Such as:

  • network sniffing (esp. in cybercafe scenarios where a MITM could be done even if you are using HTTPS, via a malevolent DNS server and stolen root certs)
  • reading data in-memory of the PHP app (or its logs and source code)
  • are the passwords safe from DBAs or anyone stealing the DB
  • etc...
