Securing the database
Some examples of the data Keycloak stores include the following:
- Realm configuration
Consider some examples of what could happen if your database were compromised and an attacker were able to read your data:
- An attacker would get access to details about your employees or customers. The impact of this would depend on how much personal information you store about your users, but even a list of email addresses is valuable to an attacker.
- An attacker would get access to user credentials. Even though passwords are stored as one-way salted hashes in the database, the attacker may be able to crack some of the less secure passwords.
- If you are not using a vault or keystore, an attacker would have access to any secrets stored in...