RavenDB Security Report: Redundant or Missing Authentication

added by DotNetKicks
3/29/2018 1:22:05 PM

2 Kicks, 236 Views

The solution to that is to add, as part of the encryption algorithm itself, a part where we verify a signature on the data. This signature is also signed with the secret key, so the idea is that if the data was modified, if you don't have the secret key, you'll not be able to fix the signature.