... | ... | @@ -15,13 +15,13 @@ All commands are stored in a non-relational database that is encrypted at rest u |
|
|
To support text search on the server side, commands are not encrypted at the application layer. Searching would require decrypting commands on demand. A full search experience requires there to be a text index on the commands themselves.
|
|
|
|
|
|
## Privacy
|
|
|
All commands are private. Commands recorded on behalf of a user are only accessible using that user's authentication token. There is currently no way to share these commands and they're not publicly accessible
|
|
|
All commands are private. Commands recorded on behalf of a user are only accessible using that user's authentication token. There is currently no way to share these commands and they're not publicly accessible.
|
|
|
|
|
|
#### Authentication / Indentification
|
|
|
Bashhub currently generates each user a unique identification token which is passed with each user request to validate a user's actions. This token is necessary to perform any actions on behalf of a user for the command api.
|
|
|
|
|
|
#### Sensitive Information
|
|
|
Bashhub saves a copy of a command exactly as it's recorded in your history. Credentials which are recorded off the command line (e.g. default ssh and postgres) are **not** recorded. Only if you plain text a password as part of a command will it be recorded. For example:
|
|
|
Bashhub saves a copy of a command exactly as it's recorded in your history. Credentials which are recorded via a prompt (e.g. default ssh and postgres) are **not** recorded. Only if you plain text a password as part of a command will it be recorded. For example:
|
|
|
|
|
|
```bash
|
|
|
$ mysql -u bob -p plain-text-password # This is overall bad practice.
|
... | ... | |
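Review bot: The example under the reworded "Sensitive Information" sentence does not show the case the sentence describes. In `mysql -u bob -p plain-text-password`, the space after `-p` makes mysql prompt for the password and treat `plain-text-password` as the database name, so this is the prompt case that the new wording says is **not** recorded. To show a password that does end up in history, attach the value to the option (`-pplain-text-password` or `--password=plain-text-password`) and keep the "bad practice" comment. Since this sentence is being touched anyway, "Only if you plain text a password as part of a command" would read better as "A password is recorded only if you type it in plain text as part of a command". It is also worth linking this back to the earlier statement that commands are not encrypted at the application layer, so readers understand that such a password is stored and indexed as typed. The heading "Authentication / Indentification" in the unchanged context has a typo ("Identification") that could be fixed in the same change.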