maektwain commented on pull request #1032: URL: https://github.com/apache/fineract/pull/1032#issuecomment-659794720
This is completely Ok, but there are some design flaws . 1. Open to attacks if private keys are stored on server . 2. Another issue is the API are not best suitable as of now to handle such leaks, it's just a password guess away. 3. Generation of keys on the server is an expensive task. 4. Encryption and Decryption can happen through an identity protocol such as Elliptic Curves etc etc. We might need to work on the server side to acknowledge the keys are valid and then exposing functionality. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
