Good morning,
Sorry for my English, I only speak Spanish.
I think a small improvement would be, once an S3 is connected as a backup system, to obscure or cover up part of the access data, as we do with the API, so that, in my case, where I share some buckets, these are not compromised.
Thank you.
Obfuscate S3 Repository Data
Obfuscate S3 Repository Data
- Attachments
-
- key.jpg (13.96 KiB) Viewed 188 times
Re: Obfuscate S3 Repository Data
Hello,
The remote connection data is always encrypted and stored securely in the database. It is encrypted as soon as you access this page.
Even if the database were compromised, the data could not be decrypted without the main encryption secret and other information, which are stored securely on your server.
If your account itself gets compromised, this data could theoretically be exposed - in that case, its recommended to enable Two-Factor Authentication or WebAuthn (Profil settings) for additional protection.
The remote connection data is always encrypted and stored securely in the database. It is encrypted as soon as you access this page.
Even if the database were compromised, the data could not be decrypted without the main encryption secret and other information, which are stored securely on your server.
If your account itself gets compromised, this data could theoretically be exposed - in that case, its recommended to enable Two-Factor Authentication or WebAuthn (Profil settings) for additional protection.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Obfuscate S3 Repository Data
Good morning,
Sorry for not replying sooner, I didn't subscribe to the thread and couldn't see your reply.
I understand that everything is protected at the database level...
The issue I'm raising is that I use one bucket to store several copies from different servers, and those servers have an administrator other than me... and this administrator can see the bucket's configuration data and connect...
If, as you say, that information cannot be accessed, but at the panel level, that information, as we do with the API, is not fully displayed when editing the custom repository configuration.
Currently, what I do on these types of machines is, once the repositories are configured, I remove the main administrator option from the other administrator so that they cannot access the white label, and then I use an adapted CSS to hide that information from all users.
That is why I am telling you that if that information remained as the API, which is only displayed once, it would be very good for prying eyes.
Thank you for your interest, as always.
Hide custom repository connection data
.textarea {
display: contents;
/* max-width: 100%; */
/* min-width: 100%; */
/* padding: calc(.625em - 1px); */
/* resize: vertical; */
}
Sorry for not replying sooner, I didn't subscribe to the thread and couldn't see your reply.
I understand that everything is protected at the database level...
The issue I'm raising is that I use one bucket to store several copies from different servers, and those servers have an administrator other than me... and this administrator can see the bucket's configuration data and connect...
If, as you say, that information cannot be accessed, but at the panel level, that information, as we do with the API, is not fully displayed when editing the custom repository configuration.
Currently, what I do on these types of machines is, once the repositories are configured, I remove the main administrator option from the other administrator so that they cannot access the white label, and then I use an adapted CSS to hide that information from all users.
That is why I am telling you that if that information remained as the API, which is only displayed once, it would be very good for prying eyes.
Thank you for your interest, as always.
Hide custom repository connection data
.textarea {
display: contents;
/* max-width: 100%; */
/* min-width: 100%; */
/* padding: calc(.625em - 1px); */
/* resize: vertical; */
}
Re: Obfuscate S3 Repository Data
Thanks for the additional information.
I will put it on the roadmap for an upcoming update.
I will put it on the roadmap for an upcoming update.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Obfuscate S3 Repository Data
Thank you very much for your consideration
--- and for agreeing to incorporate this modification.
Thank you.
--- and for agreeing to incorporate this modification.
Thank you.