19Eyl
Is it currently considered strong security to store the encrypted data and encryption key in the same database? [duplicate]
In 2024, is it considered safe to encrypt user data, store the encryption keys in the database, and protect them with user credentials? Deriving keys from user password is not ideal in my design. My plan is to allow OAuth-based authentication only, i.e., the user must authenticate to his Google or Facebook account in order to authenticate into my system. Therefore, my system will not accept passwords.
