Security/encryption

[WillStrohl]

Is there any need for and/or ability to encrypt the information stored in the redis caching provider? If more than one site is using this provider, can they potentially see and read the stored information?

[davidjrh]

Short answers:

• Currently there is no out of the box support for encrypting the information. Sounds like a good feature to implement by using certificates. Of course this will penalize the cache performance when used.
• You can use the same Redis server caching provider with different DNN instances. Perhaps using a long host prefix can help, but the information could be read by enumerating the keys on the server. What I would do is: a) use the same Redis server with the DNN instances that I own and manage; b) use different Redis servers with the DNN instances where I give 3rd party host access, where they could potentially use a script to enumerate all the keys