timothyclaypole

joined 1 year ago
[–] [email protected] 1 points 1 year ago (1 children)

Just to add some clarification. Client side encryption basically means that all of the content on the server is always encrypted (or at least it is once it’s been saved on a client using client side encryption).

The whole point is that the server is entirely unable to decrypt the data - there’s no possibility of some cached credentials being used to decrypt the data when you aren’t logged in, there’s no risk of accidental decryption keys being saved in log files. All the decryption takes place on the client and any bad actors would need to compromise your local PC to get access to your data.

Done right this is the best solution for what you are looking for.

[–] [email protected] 1 points 1 year ago

This is one of the cases where there’s a real practical advantage to having a reverse proxy in front of your site/software. The proxy could be configured very easily to drop any access to that specific URL .