At work, we generate sensitive report files for our clients. Currently, these files are stored in cloud storage. Some partners want the files on their local machine, instead, so we will need the directory in which they want to save the files. Would it be a security risk to save their directory structure in our database?
Asked
Active
Viewed 315 times
1
-
Why do you need their directory? Why not a shared folder (so `C:\Example\Folder\Folder\REPORTS` becomes `\\ClientPC\REPORTS` where the permissions are locked down)? Or a number of other file copying/distributing techniques? – armani Apr 09 '15 at 15:23
1 Answers
1
This doesn't jump out at me as a security risk. Sensitive data is stored in databases all the time. If your database is somehow compromised, I suspect that client directory structures getting out would be pretty low on your list of concerns.
Abe Miessler
- 8,155
- 10
- 44
- 72
-
-
@LucasKauffman, I would argue that your database being compromised will do the reputational damage - not the fact that you stored directories in there. – Abe Miessler Apr 10 '15 at 14:30