API - Client security #5
Description
Currently there's only one for of security in the communication between the API and the Client - TLS. This is fine for now as the application is in its early stages and currently doesn't handle any super sensitive user data. However going forward there should be:
- Encryption of certain fields for objects being sent over the wire (e.g. password, phone number)
- Encryption of certain database fields (e.g. bank account number)
- Zero-Knowledge features for even more sensitive data