Encrypt Service Name !!! #365
Comments
|
The decision was made to allow server-side filtering/searching on services. I understand it can be considered as sensitive as the secret or the email data though. The unexpected part is that finally no server side filtering is implemented 😅. I don't want to restrict the api capabilities completely, so I suggest to handle it via an admin option. Something like a yes/no checkbox called "Encrypt service names" and a legend explaining why and how it affects the behavior of the api. It could be set to On by default. |
|
I feel you man, it's hard to maintain an open source project for free. There's so many nice ideas, but not enough time 😅 Just query all the users entries and decrypt them on the fly for filtering in php. There shouldn't be much of a performance impact compared to sql query filtering. Might be even faster if you cache the decrypted data |
|
Many thanks for your feedback and your sponsor. I hope to have some time in August to work on this, it will be at the top of the list. |
Why was service name not considered sensible when you added encryption?
I'm not allowed to leak any of my sensible 2FA services, so I had to double check the code if my data is really 100% encrypted, but service name was NOT ENCRYPTED!
It would be nice if I didn't have to add extra encryption to the database file manually before syncing it to the backup cloud.
I will leave a donation when this gets implemented!
The text was updated successfully, but these errors were encountered: