I have some general trust issues about the cloud, especially on how you are handling my data with code I cannot audit or firewall.
Are my data encrypted both at transit and in store at least unless I choose to share it? Can some government agency access my data without a warrant? (disregarding the plausibility of appealing the warrant for now?) Will the cloud go down at the moment I need it? Can it operate in an environment with a sweet mix of Windows, macOS, Linux and iOS? How are you handling my login credentials? Is there a "magical key" (aka password bypass vulnerability) in the login system? Can it work with some inventory management techniques like QR codes printed on labels or labels with embedded RFID chips? Is there any API for me to integrate this into my existing offline inventory system?
I'm not sure I can answer all of those, but let's try! Here are some honest answers:
> Are my data encrypted both at transit and in store at least unless I choose to share it?
In transit, yes, on disk — no.
> Can some government agency access my data without a warrant?
Of course. Government agencies can access pretty much anything they want.
> Will the cloud go down at the moment I need it?
It could, networks do go down sometimes.
> Can it operate in an environment with a sweet mix of Windows, macOS, Linux and iOS?
Yes. I develop on Mac OS and Linux, and try to test on Windows and iOS sometimes. The app is expected to work everywhere.
> How are you handling my login credentials?
SHA512 + salted bcrypt.
> Is there a "magical key" (aka password bypass vulnerability) in the login system?
Hopefully not. At least I didn't put one in.
> Can it work with some inventory management techniques like QR codes printed on labels or labels with embedded RFID chips?
I print QR codes on my labels (see https://partsbox.io/blog/how-to-organize-electronic-parts-04-2017.html), these contain URLs. As for other techniques, I'm working on implementing scanner support for processing distributor orders.
> Is there any API for me to integrate this into my existing offline inventory system?
No, although I'm considering this for the future. I like APIs and would like to offer one, but for the moment this is too costly. APIs cost time and effort to maintain, and I simply can't spare any time and effort; I'd much rather work on features.
And a general note: I can understand your concerns about storing your data on somebody else's server. I usually have the same concerns. But compromises have to be made: I could never afford to develop a multi-platform app with a local database. Also, as for government agencies, you have to estimate how much of a threat they really are and how valuable the data you'd be storing in PartsBox would be.
Hopefully I was able to clarify things :-)