I’m working on a system that’s using CSS as a base solid server, and it seems that our app will probably need encryption at rest. CSS doesn’t provide this out of the box. Does anyone know of any CSS configurations that provide that? Or any pointers on how to go about writing one?
If I understand you correctly, you want POD encryption? There’s an issue about this already: feat: POD encryption · Issue #1133 · CommunitySolidServer/CommunitySolidServer · GitHub
TL;DR: Not out of the box, but you likely could modify the FileDataAccessor to encrypt files on disk.
Do you refer to the client-side app? If yes, then I didn’t understand your question.
Ah ok. Thanks for the link. I’ll take a closer look at the FileDataAccessor
And to be clear (as I’m not 100% sure if we really understood each other): the FileDataAccessor is server-specific. With this, you could make your CSS instance encrypt files on the server, but then all clients would need to use this specific server if they want files to be encrypted server-side. And this would be “transparent” to clients, i.e. they won’t notice any difference and only people with direct access to the server would see the difference (admins & hackers with RCE).
Yup! I’m looking into server-side encryption of the pod. Application-level encryption is a different can of worms.
Our goal is to be able to deploy pod servers with groups that don’t necessarily have the technical expertise to secure the data themselves. If we can provide a server (or point them to a server) that encrypts data properly, that reduces the likelihood of a data breach. It also means there’s less risk if somebody decides to use a client application that doesn’t provide application-level encryption.
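A sketch of the at-rest sealing that the FileDataAccessor suggestion in this thread implies, as an added example that is not part of the thread and not CSS code. The helper names `sealResource` and `openResource`, the on-disk layout, and the sample path and key are assumptions; wiring the helpers into a data accessor depends on the server's own interfaces.

```javascript
// Added example: AES-256-GCM sealing of a resource body before it is written to disk.
// sealResource/openResource are hypothetical helpers, not Community Solid Server APIs.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const VERSION = 1;   // format version byte, so the layout can change later
const IV_LEN = 12;   // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag

// Layout on disk: version (1) | iv (12) | tag (16) | ciphertext
function sealResource(key, resourcePath, plaintext) {
  const iv = randomBytes(IV_LEN); // fresh nonce for every write
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  // Bind the ciphertext to its path so sealed files cannot be swapped on disk.
  cipher.setAAD(Buffer.from(resourcePath, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([Buffer.from([VERSION]), iv, cipher.getAuthTag(), body]);
}

function openResource(key, resourcePath, blob) {
  if (blob.length < 1 + IV_LEN + TAG_LEN || blob[0] !== VERSION) {
    throw new Error('not a sealed resource or unsupported version');
  }
  const iv = blob.subarray(1, 1 + IV_LEN);
  const tag = blob.subarray(1 + IV_LEN, 1 + IV_LEN + TAG_LEN);
  const body = blob.subarray(1 + IV_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(resourcePath, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, the path, or any byte of the blob is wrong.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Returns true when opening succeeds; used to show that tampering is rejected.
function opens(key, resourcePath, blob) {
  try { openResource(key, resourcePath, blob); return true; } catch { return false; }
}

// Constructed sample input. A real key must be stored outside the data directory.
const demoKey = randomBytes(32);
const demoBody = Buffer.from('<#me> a <http://xmlns.com/foaf/0.1/Person> .', 'utf8');
const demoBlob = sealResource(demoKey, '/alice/profile/card', demoBody);
console.log(openResource(demoKey, '/alice/profile/card', demoBlob).toString('utf8'));
```

Someone who can read the data directory but not the key sees only the sealed blob, and a blob copied to another path or modified on disk fails authentication instead of decrypting.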