| ▲ | prmph 4 days ago | |
But we are talking about protecting data at rest on the vendor's servers. Unless the vendor stores no user data at, how does TLS protect that data? Your argument is a bit like saying TLS protects plain-text passwords in transit, so there is no need to store them in hashed form in the database. | ||