Toc for Sensitive Data storage cheatsheet #377
Conversation
northdpole
requested review from
mackowski,
rbsec and
ThunderSon
as code owners
|
Hi @northdpole. My initial thoughts would be about how this fits in with the existing cheat sheets. We currently have:
Looking at the proposed ToC, it feels like there would be quite a lot of duplication with the existing cheat sheets, and potentially more confusion for the end user in terms of where they should be looking for information. Should this be a new cheat sheet in its own right, or perhaps should the we fill in any missing gaps in the existing cheat sheets with this content? @ThunderSon @mackowski, what do you think? Thanks |
|
My thoughts on this are to make this pertaining to topics related to secure storage, and linking accordingly into the other ones. One example would be that this CS talks about permissions, and the DB CS references it. This can be done based on which is the bigger focus. So a KMS CS focuses on the keys and how to secure them, so this CS should reference them, and where the KMS needs things related to general storage factors, it references it from this CS |
There was a problem hiding this comment.
I like this but we have to very carefully make sure to not duplicate the content of other CSs. I like @ThunderSon idea how it can look like.
But what I like even more is to cover this topic #124 this is wider topic but if @northdpole can take it with our help it will be awesome. It will also have more unique content that will justify the need of a separate CS.
ThunderSon
added
the
WAITING_UPDATE
|
@northdpole is busy currently, so this will be put on hold till they're around for more updates. |
We can make this the opposite, it could be as simple as pointing to subsections of other cheatsheets instead of being a full blown document. What do you think? this would minimize overall edits you have to do. @ThunderSon In short, I'd be happy to help. Would you like a draft or otherwise how do you prefer on getting started? |
|
@northdpole Based on our discussion on Slack, we agreed on a small touch-up on the ToC. Once that is done, I'll move forward and link sheets to the relevant sections, and then it'd be clearer for you on what is required and missing to be described properly. |
ThunderSon
removed
the
WAITING_UPDATE
|
@northdpole are you still around? This can be an awesome CS |
mackowski
requested review from
jmanico
and removed request for
rbsec and
ThunderSon
|
Yes I'm around! Happy to create it! I'm currently on holiday which may
also accelerate stuff ;) gimme a week or so for the first draft
…On Wed, 29 Jul 2020, 10:39 mackowski, ***@***.***> wrote:
@northdpole <https://github.com/northdpole> are you still around? This
can be an awesome CS
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#377 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAMCRHT7D7DMYUZU6T7OGCLR57G2NANCNFSM4LVWDKOQ>
.
|
|
@northdpole good to hear that! If you need any help from us let us know :) |
add suggested links to other cheatsheets, update ToC slightly add questions?
|
added some content and comments, let me know what do you think and i can edit accordingly :) |
| The unintented advantage of this approach is that if a user's data needs to be deleted, only the associated key needs to be destroyed as this will make data unusable. | ||
|
|
||
| ## Tokenizing | ||
| <this can be a cheatsheet by itself which does not exist currently do we want to do this?> |
There was a problem hiding this comment.
I would like to do this, maybe we can start here and it this grow too much we can create new CS
There was a problem hiding this comment.
For tokenizing, it is really a niche subject not directly related to sensitive data storage. It is closer to Sensitive Data Handling. So I removed it from this cheatsheet but opened a ticket to create a new one #471
address comments v1
address comments v2
|
@jmanico what do you think about this CS? Do we want to keep it, this is basically linking to all content from other CSs? |
I think this is a really interesting idea. In general, I want to welcome contributions that use our sheets in unique ways. :) |
There was a problem hiding this comment.
@northdpole The links are not working. Links in the Contents are good but for all other links you are using a wrong syntax. After you fix it we can merge.
|
@northdpole do you need any help from us? |
|
@northdpole hey do you need any help from us? Do you want to work on this further? |
|
I am closing this PR because no updes here were made in about 6 months. @northdpole feel free to re-open it whan you will have time to work on that. |
Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.
Please make sure that for your contribution:
If your PR is related to an issue, please finish your PR text with the following line:
This PR covers issue #.
Thank you again for your contribution 😃