Tickets Private Fields for sensitive data.

NixFifty

Administrator
Staff member
Thinking about it some more, categories can already have specific email addresses assigned to them that can receive notifications when new tickets are created. I'm currently thinking of including it within this email as it wouldn't (and shouldn't) be stored in the database, etc.
 

ALfa1

Well-Known Member
On encrypted ticket fields:

I have asked @pegasus for feedback.
 

NixFifty

Administrator
Staff member
On encrypted ticket fields:

I have asked @pegasus for feedback.
Cool, thanks. I’m mostly interested in how others handle decryption key transfer. Xon also has some good ideas on how to make it as easy as possible so I think we’ll see this sooner rather than later... finally.
 

ALfa1

Well-Known Member
Here are some thoughts on the matter submitted by Pegasus (Vaultwiki):
Pegasus said:
- The decryption key should not be sent to staff over an unencrypted transmission like email.
- Encrypted fields should ideally be just as strong as your SSL certificate encryption.
- For certain compliance, like PCI, it may be necessary to store encrypted data and decryption keys on separate machines (servers). Because of this, you may want to use an AWS bucket or something like that, where NixFifty is only granted write access (to write the keys) and staff members have read access, to look up keys.
- Key lookup should not rely on a staff member's password. That is, being logged in to the forum should not automatically let them find keys.
 
Top