Store encrypted profile information with no way to access it without the key which is sent to client and never stored on the server #3469

Merged: 11 commits, Jan 3, 2025

@deepakprabhakara deepakprabhakara commented Dec 30, 2024

Generate a per code/token encryption key and send it to the client; store the encrypted value so that PII exposure of storing profile is dropped to zero.

What does this PR do?

Fixes # (issue)

Type of change

  • Updated dependencies
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How should this be tested?

  • Existing unit tests

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code and corrected any misspellings
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
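The scheme the PR description outlines, sketched as an added example (not the PR's code or the project's implementation): a fresh key is generated per code, only ciphertext is kept server-side, and the key travels to the client inside the code. The names `issueCode`, `redeemCode`, `store`, the `id.key` code format and the choice of AES-256-GCM are assumptions made for this sketch.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical in-memory stand-in for the server-side code/token store.
const store = new Map();

// Encrypt the profile under a fresh per-code key, persist only ciphertext,
// and hand the key to the client as part of the code. The key is never stored.
function issueCode(profile) {
  const id = nodeCrypto.randomBytes(16).toString('hex');
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(id)); // bind the ciphertext to this record id
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(profile), 'utf8'),
    cipher.final(),
  ]);
  store.set(id, { iv, ct, tag: cipher.getAuthTag() });
  return `${id}.${key.toString('base64url')}`;
}

// Recover the profile only when the client presents the matching key.
// Returns null for unknown ids, malformed codes, wrong keys or tampered records.
function redeemCode(code) {
  const [id, keyB64] = String(code).split('.');
  const rec = store.get(id);
  if (!rec || !keyB64) return null;
  const key = Buffer.from(keyB64, 'base64url');
  if (key.length !== 32) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv);
    decipher.setAAD(Buffer.from(id));
    decipher.setAuthTag(rec.tag);
    const pt = Buffer.concat([decipher.update(rec.ct), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // GCM authentication failed
  }
}
```

A dump of `store` alone yields only IVs, ciphertexts and tags; the residual exposure is wherever the code itself is logged or cached in transit.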

@deepakprabhakara deepakprabhakara marked this pull request as ready for review December 31, 2024 13:17
@alnr alnr left a comment

Looks good! Crypto implementation is OK as far as I can see.

@deepakprabhakara deepakprabhakara merged commit 416fd09 into main Jan 3, 2025
5 checks passed
@deepakprabhakara deepakprabhakara deleted the tweak/reduce-pii-data branch January 3, 2025 11:06