问HN:零信任架构是否过于复杂?

2作者: devinabox3 个月前原帖
大家好!我需要你们对我们正在开发的调试工具“Dev In A Box”中的零信任架构的看法。 我和我的合作伙伴开发了“Dev In A Box”——这是一款利用模拟技术以约70%的准确率找出bug和安全漏洞的调试工具。它不仅可以帮助找到报告问题的根本原因,还可以用于更一般的调试和技术债务清理。 自然,这个工具需要处理用户的代码,因此我们希望确保我们的安全措施万无一失。 我们在设计架构时考虑到了这一点——基本上,每个新项目都存储在自己的数据库中。这使得访问数据的合约更容易执行,并且通过SQL或编码错误导致的租户数据泄露几乎是不可能的。 另一个目标是实现零信任加密系统——允许用户防止我们访问他们静态数据。然而,我不确定实现这一目标的最佳或最用户友好的方式是什么。我希望能得到你们对这个概念的反馈: 这个想法是,用户可以设置一个“主密码”,只有他们知道(而我们不知道),这个密码将作为加密密钥。这意味着他们的数据库只能在运行时使用这个“主密码”解密——类似于LastPass等密码管理器的工作方式。 这将意味着我们作为SaaS公司将无法访问他们的数据,从而可能给用户带来更多的安心和额外的安全层。 理论上我觉得这个想法不错——作为一个拒绝使用GitHub的人,因为我对微软的信任程度不及我能扔他们的距离,这确实满足了我的强迫症。但在我们构建之前,我想先向大家请教一下,看看这是否真的值得。 当然,这也有一些缺点,比如: - 每次想访问项目时都需要输入主密码 - 在大型团队中管理这个密码(如果50个人都知道这个密码,这真的能提供安全性吗?) - 如果密码丢失,项目将无法恢复。它将永远消失。 所以我想问你们几个问题: - 利弊是否成正比?这是否会让你在使用代码扫描器时感到更安心? - 这种安全性/隐私水平对你重要吗? - 是否有更好的用户体验来实现这一点? - (对于熟悉密码学的人)有没有更好的方法来实现这一点?你知道有没有更好的方法来管理数据,以便提供者在运行时无法访问? 更多信息可以访问我们的网站:dev-in-a-box.com 提前感谢大家的意见!欢迎所有反馈!
查看原文
Hey everyone! I need you opinion on Zero Trust Architecture for a debugging tool we’ve been building.<p>My partner and I have built Dev In A Box - a debugging tool that uses simulations to pull out both bugs &amp; security vulnerabilities with ~70% accuracy. It works for both finding the root cause of reported issues and doing more general debugging &#x2F; tech debt removal sessions.<p>Naturally, the tool has to handle people’s code, so we wanted to make sure our security was air tight.<p>We’ve designed our architecture with this in mind - essentially, each new project lives in its own database. Making the contract to access the data much simpler to enforce and making a tenant breach via a SQL &#x2F; coding mistake impossible.<p>The other goal of this is enabling a zero trust encryption system - allowing the user to prevent us from accessing their data at rest. However I’m not sure what is the best &#x2F; most user friendly way to do this is. I’d appreciate any feedback on this concept:<p>The idea is a user could set a “master password” that only they know (and we don’t) that would serve as the encryption key. Meaning their database can only be unencrypted at run time with that “master password” - similar to how password managers like LastPass work.<p>This would mean we, as the SaaS company, won’t be able to access their data. Potentially giving users more peace of mind and an additional layer of security.<p>I think it sounds good in theory - as someone who refuses to use GitHub because I don’t trust Microsoft as far as I can throw them, it definitely fulfills my neurosis. But before we build it, I wanted to run it by all of you to ask if it’s really worth it.<p>There are some drawbacks, of course. Like:<p>- Having to input a master password every time you want to access your project<p>- Managing that password across larger teams (if 50 people know the password, is it really providing any security?)<p>- If the password is lost, there’s no way to recover the project. It’s gone for good.<p>So my questions to you are:<p>- Do the pros out weigh the cons? Is this something that would make you feel better about using a code scanner?<p>- Is this level of security &#x2F; privacy important to you?<p>- Is there a better UX for something like this?<p>- (For the folks who are knowledgeable in cryptography) Is there a better way of going about this? Do you know of a better method for managing the data so that the provider can’t access it at run time?<p>For more context you can see our website: dev-in-a-box.com<p>Thank you in advance. All opinions welcome!