I just had an idea for a plugin, but I’m submitting it here to evaluate how doable such a thing would be, and whether I would be the only user.
I’m currently building a portfolio site for my brother, on which there is a small shop. To make it easier for him, pending orders are listed in the panel (and obviously not displayed anywhere else on the site).
However, I would like the personal info (address, name, phone number) of customers to be as protected as can be, in the case of data loss/leak.
One solution is to encrypt the disk of the server on which the site is running. That’s doable, but one needs a full dedicated private server to do so (even if virtual), and also has to be quite technically-minded to know how to set this up.
Another one, which I find quite interesting, is to do some kind of end-to-end encryption, à la Protonmail, i.e. a key pair is generated client-side upon user creation, the public key is stored as-is but the private key is encrypted using the user’s password and some extra stuff. Now for this to work, the server should not have access, at any point, to the user’s password (in a threat model in which the server can be compromised).
I don’t know how Kirby handles user passwords yet, but I’m willing to bet they do receive them in plaintext when users log in, so this would have to change. Every field could receive an encrypt: true parameter in the blueprint, but I don’t know how easy it is to extend every single field.
Anyways, feel free to say if you think this is a terrible idea. I’ll see later if I have time to investigate further.
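
The key-wrapping scheme described in the post, sketched as an added example that is not part of the original post and is not Kirby code. It uses Node's built-in crypto module so it runs stand-alone (in a browser the same steps would go through WebCrypto); the choice of scrypt, AES-256-GCM and RSA-OAEP, the parameters, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed parameters (assumptions, not Kirby settings).
const SCRYPT = { N: 16384, r: 8, p: 1 };
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Derive the key-wrapping key from the password. This runs on the client only,
// so the password itself never has to reach the server.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// User creation: generate a key pair and wrap the private key under the
// password-derived key. The returned record is everything the server stores.
function createUserRecord(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Login: unwrap the private key client-side. A wrong password fails the GCM
// tag check, so final() throws instead of returning garbage.
function unwrapPrivateKey(record, password) {
  const kek = deriveKek(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  const der = Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  return crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}

// Encrypt one field with the stored public key only. RSA-OAEP with a 2048-bit
// key and SHA-256 holds at most 190 bytes; longer values need a hybrid scheme.
function encryptField(record, plaintext) {
  const pub = crypto.createPublicKey({ key: record.publicKey, format: 'der', type: 'spki' });
  return crypto.publicEncrypt({ key: pub, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

// Decrypt a field after the private key has been unlocked with the password.
function decryptField(privateKey, ciphertext) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}
```

A leaked copy of the stored record and the encrypted fields contains the public key, salt, IV, tag and wrapped private key, so its confidentiality rests on the strength of the password and the key-derivation cost.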