Would LiveView be considerable for a use case where one wants the users of a service to control their own data by the use of client side encryption (like Proton)?
If so, is there an obvious point in the framework where one could hijack the (magic) parts of LiveView to perform encryption and decryption?
Also, is there anyone else who also is super excited about this?! 
Kind regards,
Your friendly entry level LV enthusiast
kind of related: Transparent Column Encryption with Postgres.
That’s like Cloak.Ecto — cloak_ecto v1.2.0 right?
I’m thinking that one would like to do that in addition to client side encryption and decryption. The use case I have in mind is one where you really want to make sure that the stored data doesn’t leak. And if it does leak, you really don’t want it to be en masse.
ha! i was not aware of this one; TIL
i am not sure about it. i guess it depends on your threat model.
if you do all of the cryptography-related stuff in the browser, client-side, you might not have a reason to do it server-side.
i shared a link as a curiosity - it’s kind of opposite of what you are asking about. 
HOWEVER, turns out Postgres can run in the browser 
Wow, browsers these days! 
Yes this is an area of application where you as a service provider wants close to zero access to the data and also as many layers of security as possible 
I’m looking at OpenPGP.js. It just happens to be maintained by Proton.
Obviously, doing client-side encryption and decryption will be a Major Headache 
But it will be worth it.
I’ve been thinking along these lines too. You probably don’t need to hijack LV, but simply use a hook to decrypt the contents of an element after it’s mounted or updated (or maybe using beforeUpdate).
Keyword being “simply” there 
Thank you for your input 
I’ll post a link to a repo of a proof of concept if I manage to get something together.
Thanks @derpycoder, that work by @jstimps is really neat 
The repo has a lot of goodies in it that I realise could provide some useful insights in my own efforts.
I for one however wouldn’t be able to manage the subtle encryption API properly. Not that it matters too much since we are talking about an MVP that would receive a prompt “shift left” by security specialists if it “takes off” to any degree.
Again, thanks!
© Copyright Elixir Forum | Terms | Privacy & Cookies
