For those following me who run SaaS businesses. Do any of you encrypt your multi-tenant databases? And I don't mean at rest. I mean full-on in production mode? Can it even be done?
-
-
A less sexy but more useful bit of security advice is making sure you have patterns and practices which ensure you're always accessing data from only the logged-in user's account, and that cross-account queries look obviously dangerous and are the higher-toil path for engineers.
-
e.g. supposing Rails-land, straight-up disallow Model.where() and prefer either @account.models.where() and, if someone needs to use it for cross-action for admin pages or analytics, force them to say Model.unsafe_actions.where()... (which you can audit, grep for, discourage)
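The scoping pattern from the reply above, worked through as an added example (not code from either tweet author): the ordinary class-level query path is made to fail, the per-account association is the only easy path, and cross-account reads go through an explicitly named, audited escape hatch that is trivial to grep for. It is plain Ruby with a small in-memory stand-in for an ActiveRecord relation so it runs without Rails; the `Account`/`Invoice` models, the sample rows, the `AUDIT` list and the `unsafe_cross_account(reason:)` name (standing in for the tweet's `Model.unsafe_actions`) are all assumptions made for the example.

```ruby
# Added example of tenant-scoped data access. No Rails dependency: Relation is a
# tiny in-memory filter standing in for an ActiveRecord relation.

class CrossTenantQueryError < StandardError; end

# Minimal stand-in for ActiveRecord::Relation over an array of row hashes.
class Relation
  include Enumerable

  def initialize(rows)
    @rows = rows
  end

  # where(status: "open") keeps rows whose columns match every condition.
  def where(conds)
    Relation.new(@rows.select { |r| conds.all? { |k, v| r[k] == v } })
  end

  def each(&block)
    @rows.each(&block)
  end
end

# Mixed into every model that belongs to a tenant account.
module TenantScoped
  # Audit trail of deliberate cross-account reads (constructed; a real app
  # would emit a structured log line here).
  AUDIT = []

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # The "obvious" query path is unavailable: Model.where(...) raises, so the
    # thing that is easy to type is also the thing that is tenant-scoped.
    def where(*)
      raise CrossTenantQueryError,
            "#{name}.where is not tenant-scoped; use account.#{name.downcase}s.where " \
            "or #{name}.unsafe_cross_account(reason:)"
    end

    def all
      where
    end

    # Explicit, greppable escape hatch for admin pages / analytics.
    # Requiring a reason makes each use reviewable and auditable.
    def unsafe_cross_account(reason:)
      raise ArgumentError, "a reason is required for cross-account access" if reason.to_s.strip.empty?

      AUDIT << { model: name, reason: reason }
      Relation.new(_rows)
    end

    # The safe path, reached only through an Account association.
    def for_account(account_id)
      Relation.new(_rows.select { |r| r[:account_id] == account_id })
    end

    def insert(row)
      _rows << row
      row
    end

    def _rows
      @rows ||= []
    end
  end
end

Account = Struct.new(:id, :name) do
  # Association-style accessor: the only ordinary way to reach invoices.
  def invoices
    Invoice.for_account(id)
  end
end

class Invoice
  include TenantScoped
end

# Constructed sample data: two tenants, three invoices.
ACME   = Account.new(1, "acme")
GLOBEX = Account.new(2, "globex")
Invoice.insert(id: 10, account_id: 1, status: "paid", amount: 100)
Invoice.insert(id: 11, account_id: 1, status: "open", amount: 250)
Invoice.insert(id: 12, account_id: 2, status: "open", amount: 999)

# A request handler only ever holds the logged-in account, so it cannot
# accidentally reach another tenant's rows.
def open_invoice_ids_for(account)
  account.invoices.where(status: "open").map { |r| r[:id] }
end

# Finance dashboard: legitimately cross-account, and visibly so in the code.
def total_open_revenue
  Invoice.unsafe_cross_account(reason: "finance dashboard")
         .where(status: "open")
         .sum { |r| r[:amount] }
end

# Demonstrates what the guardrail catches: an unscoped query is refused.
def unscoped_query_blocked?
  Invoice.where(status: "open")
  false
rescue CrossTenantQueryError
  true
end
```

Because the only sanctioned cross-account entry point is one method name, `grep -rn unsafe_cross_account app/` lists every place that bypasses tenant scoping, which is the auditability the reply is pointing at; in a real Rails app the same shape can be built by making the default scope raise and exposing the association through `has_many`.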