
>Seems like something one could build a SaaS business around- send them reports that <user> accessed <fields> about <customer ID> on <date>, along with a copy of attributes and roles about each user. Service could offer deep dives, querying, reporting, along with ML or rule-based flagging to say "That seems odd".

Wouldn't that just expose user data to an even wider group of people while doing this reporting?



If I'm following the suggestion, then it's just logs which keys were accessed:

"employee id 1234 accessed "email, password hash, location, birthday" about customer id 6789 on 2020-09-01"

nothing particularly sensitive in there, but makes it easy to audit and check for abnormalities.
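The logging scheme described in the comment above, sketched as an added example that is not part of the thread or written by any commenter: each read produces an audit event holding only ids and field names, and a rule-based pass flags odd access. The sensitive-field set, the per-day threshold, the function names and the customer records are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumptions for this example: which field names count as sensitive, and a
# per-day customer threshold (set low so the constructed sample triggers it).
SENSITIVE_FIELDS = {"password hash", "birthday"}
MAX_CUSTOMERS_PER_DAY = 2

def read_fields(employee_id, customer_id, record, fields, date):
    """Return the requested values to the caller plus an audit event that
    carries only identifiers and field names, never the values themselves."""
    values = {name: record[name] for name in fields}
    event = {"employee_id": employee_id, "customer_id": customer_id,
             "fields": sorted(fields), "date": date}
    return values, event

def flag_events(events):
    """Rule-based review over audit events; returns (employee_id, reason)."""
    flags = []
    customers_seen = defaultdict(set)  # (employee, date) -> customer ids
    for ev in events:
        hit = SENSITIVE_FIELDS.intersection(ev["fields"])
        if hit:
            flags.append((ev["employee_id"],
                          f"customer {ev['customer_id']}: read {', '.join(sorted(hit))}"))
        seen = customers_seen[(ev["employee_id"], ev["date"])]
        seen.add(ev["customer_id"])
        if len(seen) == MAX_CUSTOMERS_PER_DAY + 1:  # flag once, on crossing
            flags.append((ev["employee_id"],
                          f"more than {MAX_CUSTOMERS_PER_DAY} customers on {ev['date']}"))
    return flags

# Constructed sample records (not data from the thread).
CUSTOMERS = {
    6789: {"email": "a@example.com", "password hash": "x1", "location": "Oslo", "birthday": "1990-01-01"},
    6790: {"email": "b@example.com", "password hash": "x2", "location": "Lima", "birthday": "1985-05-05"},
    6791: {"email": "c@example.com", "password hash": "x3", "location": "Pune", "birthday": "1979-09-09"},
}

def demo():
    all_fields = ["email", "password hash", "location", "birthday"]
    events = [read_fields(1234, 6789, CUSTOMERS[6789], all_fields, "2020-09-01")[1]]
    for cid in (6790, 6791):
        events.append(read_fields(1234, cid, CUSTOMERS[cid], ["email"], "2020-09-01")[1])
    return events, flag_events(events)

if __name__ == "__main__":
    events, flags = demo()
    print("\n".join(json.dumps(e) for e in events))
    print(flags)
```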


Nothing sensitive about what you just described? Seems like with that info you can start making intelligent answers to security questions or possible rainbow table lookups.


It's the column headings, though.


Ahhh, I'm a dolt. I read that as variables in your comment rather than that is literally the data that is returned. Thanks for clarifying.


Doesn't look like I can edit, but I could have been more clear.



