[thelist] Sensitve information on the web
Hassan Schroeder
hassan.schroeder at gmail.com
Wed Nov 3 10:39:15 CDT 2010
On Tue, Nov 2, 2010 at 8:06 PM, Joel D Canfield <joel at bizba6.com> wrote:
> On Tue, Nov 2, 2010 at 8:22 PM, Todd Richards <todd at promisingsites.com>wrote:
>
>> Am I missing something, or am I being too cautious? After answering them
>> tonight, I thought I'd get someone else's take on it.
>>
>> we used GPG (open source version of PGP) to encrypt data being emailed.
> since we were sending apps for health insurance, including everything, I was
> told (but did not verify) that it met some fairly rigid standards for
> security.
The problem I see with this is that, once decrypted on the recipient's
end, the data is exposed to being easily compromised -- accidentally
or intentionally forwarded in plain text, for instance.
OTOH, while keeping it online in a DB is also a potential exposure,
it's a lot easier to track access, as well as offer better management
(auditing, reporting).
FWIW,
--
Hassan Schroeder ------------------------ hassan.schroeder at gmail.com
twitter: @hassan
More information about the thelist
mailing list