You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2020/07/17 02:24:14 UTC

[GitHub] [fineract] maektwain commented on pull request #1032: FINERACT-1034-encryption-infra

maektwain commented on pull request #1032:
URL: https://github.com/apache/fineract/pull/1032#issuecomment-659794720


   This is completely Ok, but there are some design flaws . 
   
   1. Open to attacks if private keys are stored on server . 
   2. Another issue is the API are not  best suitable as of now to handle such leaks, it's just a password guess away. 
   3. Generation of keys on the server is an expensive task. 
   4. Encryption and Decryption can happen through an identity protocol such as Elliptic Curves etc etc. 
   
   We might need to work on the server side to acknowledge the  keys are valid and then exposing functionality. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org