[thelist] Sensitve information on the web

Hassan Schroeder hassan.schroeder at gmail.com
Wed Nov 3 10:39:15 CDT 2010

On Tue, Nov 2, 2010 at 8:06 PM, Joel D Canfield <joel at bizba6.com> wrote:
> On Tue, Nov 2, 2010 at 8:22 PM, Todd Richards <todd at promisingsites.com>wrote:
>> Am I missing something, or am I being too cautious?  After answering them
>> tonight, I thought I'd get someone else's take on it.
>> we used GPG (open source version of PGP) to encrypt data being emailed.
> since we were sending apps for health insurance, including everything, I was
> told (but did not verify) that it met some fairly rigid standards for
> security.

The problem I see with this is that, once decrypted on the recipient's
end, the data is exposed to being easily compromised -- accidentally
or intentionally forwarded in plain text, for instance.

OTOH, while keeping it online in a DB is also a potential exposure,
it's a lot easier to track access, as well as offer better management
(auditing, reporting).

Hassan Schroeder ------------------------ hassan.schroeder at gmail.com
twitter: @hassan

More information about the thelist mailing list