No encryption of user email addresses in the database #1756
Comments
Respected sir, I can work on this issue, I am comfortable with our GraphQL schema, after the last two issues got merged. Thank You.
I would like to work on this issue
Can I work on this?
@palisadoes Respected sir, I wanted to clarify one question. Do you want a single encryption key, with an email-specific random salt for every user email, or a user-specific unique encryption key, just like the user-specific salt for each email? The latter option would involve creating an in-house KMS for handling the keys. Thank You.
@palisadoes Ok sir, Thank You.
@palisadoes Respected sir, There was a recent revert of a PR in the API that was causing an error related to user signup. I had started my feature branch before the revert. So I had to merge the latest upstream to my feature branch. But as a result a lot of files were changed. One thing I noticed is that for every file changed, ESLint throws multiple linting errors that are already present in the code base. At the moment around a hundred linting errors are showing while I try to commit my changes. How can I disable those errors? Otherwise I am unable to commit. Every new line of code I write is passed through linting checks, but the errors shown are for hundreds of lines of code already present. Thank You.
Please ask the talawa-api slack channel for assistance.
@palisadoes Respected sir, The issue is almost done. But I am using an open-source key management service by HashiCorp, for in-house secret management. As storing the encryption key as plaintext in the .env file is not secure, and industry standard. But this would require all future users of Talawa-api to install 'Vault' from 'HashiCorp' into their local systems and configure it before they can start contributing. Also when pushed to the main repo, the actual cloud instance that runs the API in production must also be updated with the latest software. Should I proceed with this major addition of software, or store the key in the .env file only? I feel that if we make the migration, then all current secrets in the .env file could be migrated to the service as well for better security. Thank You.
At this time use the
@palisadoes ok sir. Thank You.
This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.
This issue is active. I have already raised a PR, it is awaiting approval. Thank you.
I have already raised a PR for this issue, but due to the merge of my recent PR #1896 and a few others there have been drastic changes in the setup. I will be updating the PR as soon as the new implementations are done. Thank You.
@Anubhav-2003 Are you working on this?
Actually, I have already raised a PR for this, the feature is completely implemented, but due to recent pull request merges, some tests are failing. Thank you.
Update: working on the latest new PR for this issue after the userType-fix branch merge.
Unassigning due to no activity or open PR
I would like to work on this issue. I will proceed with the preferred AES-256-GCM Encryption/Decryption algorithm.
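An added example, not code from the Talawa-API project or from any commenter in this thread: AES-256-GCM encryption of an email field in Node.js with a single key and a fresh random value per record. The function names, the `iv:tag:ciphertext` storage format and the choice to use the per-email random value discussed above as the GCM IV are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumption: one 32-byte key for all records, supplied as 64 hex characters
// (for example from an environment variable; the variable name is up to you).
function loadKey(hex) {
  if (typeof hex !== "string" || !/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error("key must be 64 hex characters (32 bytes)");
  }
  return Buffer.from(hex, "hex");
}

// Stored form: "iv:tag:ciphertext" in hex. A fresh random 96-bit IV per call
// means the same address never produces the same stored value twice.
function encryptEmail(email, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(email, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("hex")).join(":");
}

// Throws if the record is malformed, was modified, or the key is wrong.
function decryptEmail(stored, key) {
  const parts = stored.split(":");
  if (parts.length !== 3) throw new Error("malformed record");
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, "hex"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed record");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed sample: throwaway key and address, not real data.
function demo() {
  const key = loadKey(crypto.randomBytes(32).toString("hex"));
  const a = encryptEmail("user@example.com", key);
  const b = encryptEmail("user@example.com", key);
  const flipped = a.slice(0, -1) + (a.endsWith("0") ? "1" : "0"); // alter last nibble
  let tamperDetected = false;
  try {
    decryptEmail(flipped, key);
  } catch {
    tamperDetected = true;
  }
  return { roundTrip: decryptEmail(a, key), distinct: a !== b, tamperDetected };
}

console.log(demo());
```

Because every stored value is randomized, an equality lookup by email cannot run against the encrypted column directly.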
You will need to ensure that all the encryption / decryption will work:
I was planning on implementing function for the encryption key variable in the
Suyash, are you working on this?
Yes, I am working on this. |
Describe the bug
To Reproduce
Expected behavior
A solution where:
setup.ts
No
sample_data/users.json
file must be updated with the encrypted addresses during the data importation process.
Actual behavior
Screenshots
Additional details
Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship