Collaborator Support Request & Encryptions Discussion

[magiccodingman]

I made this project within a week years ago out of a need for my company. This need would eventually vanish as my project requires me to follow strict HIPAA compliance standards. And IndexedDB, even with the current encryptions provided are not sufficient. Due to time constraints, time allocation, and not being able to utilize this project on my own business, I've not touched this in quite some time except for when contributions occurs. So I have a dual discussion if anyone cares to join in.

Collaborator Support Request

Is anyone interested in being a collaborator? I'd be comfortable handing off the keys of this project to those actively utilizing it. I think adding at least 2 collaborators that requires a PR/approval by one other collaborator (aka me or anyone else), then the merge request is accepted. @yueyinqiu @danadesrosiers or anyone else, would this interest you?

I feel bad that I made this project over 2 years ago now and haven't maintained it. I didn't think people would like it so much tbh.

Encryption Feature

What tends to drive my open source projects is the direction of my business. I try to open source any library or code that I can share if it isn't confidential or specialized for my company. And after years of effort, my platform is going live in 2025 🎉 🎊 🥳

With that said, I've conjured up a mad mans brain baby idea of how to make indexed DB encryptions not only significantly better, but HIPAA compliant. I will not have time to focus on IndexedDB at a minimum until October 2025, but that's generous. I have too many business requirements I need to still complete. But I have on the roadmap future support of offline capabilities that're HIPAA compliant.

This will come in 2 forms. My preferred form is via IndexedDB as this makes my hosting costs and upkeep easy. Last resort will be just re-using my components on MauiBlazor. But when I do come back to the IndexedDB, if I do discover I can achieve my needs and continue utilizing a PWA WASM blazor app. My company would officially pick up this project and consider it officially supported.

My site is down right now due to it being rebuilt before a very large national launch:
https://sayou.biz/

But currently maintained open source projects my company guarantees support are other open source projects like this:
https://magiccodingman.com/MagicEF

I know this is an "if" I can get my HIPAA compliant IndexedDB idea to work. But I do think it's possible. And it's when I can finally focus on it. But I thought I'd mention that later in 2025, I will likely have made my conclusion as to whether I will be picking up MagicIndexedDb and having my company maintain it. Which would bring significant support, updates, and more.

Conclusion

I will provide an update this year or early next year as to the status and decision on this project. But it's also why I'd love to find those willing to be contributors that way the project isn't dependent on me or my company. I genuinely work 12-16 hour days. Weekends don't exist for me. I honestly took my first vacations last month haha!

But, when/if I do come back to this project. I'll be bringing my company support which would see lots of new beta users in live environments, consistent updates, and patches. And hopefully community support can come in too!

Because why not share what you can? Open source rocks, it's amazing to share with others, and that's what makes open source projects amazing.

[yueyinqiu]

I think I'm ok to handle some daily small issues.

[yueyinqiu]

By the way maybe I'd like to try some aggressive and bold changes, which might also require others' careful inspection. Would that be fine? Or maybe we should just maintain the project as is?

[magiccodingman]

1.) No obligations to do anything.
2.) I appreciate it.
3.) Be as aggressive as you want. Improvements are improvements :)

Even though I've been really busy. If you think your changes will be that significant, I should setup the automated testing like discussed here:
#16

I'll set up the collaborator settings today.

[yueyinqiu]

Hmm... I wonder what HIPAA requires us to do.

Actually I'm considering to remove the encryption features for now, since it only applies on strings. I'd like to move it to c# side and work on the whole object. But I am afraid that it might break HIPAA.

And currently the fields won't even be automatically decrypted. Is it also due to the requirement of HIPAA?

I'm also wondering should the encryption be done in an "indexeddb layer"? Perhaps it should be done in other "business logic parts"?

[magiccodingman]

So, the major concern of HIPAA compliance is encryption at rest. Therefore it needs to be encrypted inside the database. My current implementation could work as it encrypts it at rest as long as you don't store the keys on the site. But the current way the encryption works will not allow you to search for things when encrypted since it's encrypted in the column.

I'm not sure if we should or shouldn't remove the encryption feature to be honest. As I wouldn't be surprised if it's also refactored later. Something I'm going to think about.

[yueyinqiu]

Hmm... But actually the keys seems to be known by the server with the current implemention. Anyway, let's discuss this later.

[danadesrosiers]

Hey, sorry I keep forgetting to respond. I am also a bit overextended, so I don't expect to be able to help much, but it sounds like the two of you have it covered. Thanks for creating this project and sharing it. And good luck with your company. - Dana

…

On Tue, Feb 18, 2025 at 7:30 PM yueyinqiu ***@***.***> wrote: Hmm... But actually the keys seems to be known by the server with the current implemention. Anyway, let's discuss this later. — Reply to this email directly, view it on GitHub <#26 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABD3NB4OK2UKK5XZARQVIYL2QP3ERAVCNFSM6AAAAABWZNWUD6VHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTEMRUGQ3TANA> . You are receiving this because you were mentioned.Message ID: <magiccodingman/Magic.IndexedDb/repo-discussions/26/comments/12244704@ github.com>

[magiccodingman]

Just a reminder to myself after this PR is complete: #43 that I need to come back and strip out all of the old encryption attributes, properties, and code. This function has been depreciated and the code and documentation must reflect this.