docs(concepts): comparison and concept pages#72
Open
coderdan wants to merge 4 commits into
Open
Conversation
First real page in the Comparisons section. Explains how CipherStash relates to Postgres Row-Level Security (access control) and Transparent Data Encryption (at-rest, on disk): three different layers closing different threats, and how they compose. Written against the shipped v3 story; no em-dashes.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Reframe the RLS section around its real limitation: policies enforce on the connecting database identity, but apps connect as a shared service principal (especially through ORMs like Drizzle/Prisma, and on RDS/Aurora), so per-user RLS is not in effect for most real connection patterns. Supabase via supabase-js is the exception. CipherStash's guarantee is independent of how you connect and can bind to the end user.
…S page Two-lane Mermaid diagram: three users sharing one pooled service-principal connection (DB sees one role) vs a user identity carried through a data API (DB sees the actual user).
Switch the Mermaid component from the stock default/dark themes to the customisable base theme with CipherStash themeVariables (warm near-black / off-white grounds, lime accent for subgraph titles), for both light and dark. Applied globally, so every diagram on the site is branded from one place.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Content work that's independent of the Stack 1.0 final API. Building up the Comparisons and Concepts sections while API-exact pages are blocked.
In this PR so far
concepts/compare/rls-and-tde— how CipherStash relates to Postgres Row-Level Security (access control) and Transparent Data Encryption (at-rest, on disk). Three layers, different threats, and how they compose. Includes threat-coverage tables and a "choosing" matrix. Written against the shipped v3 story, no em-dashes.More comparison and concept pages will land on this branch.
Notes for reviewers
cipherstash-vs-fhe.md, untracked in the repo root) is strong but written against EQL v2, and two claims contradict the shipped v3 reference: Paillier-backedSUM/AVG(v3numbers.mdxsays arithmetic aggregates are unsupported), and "static order is not leaked" (true for block-ORE, but the v3 default is order-preserving OPE). Landing it needs those two product-truth questions settled first (they overlap with the searchable-encryption leakage decision). It also carries marketing-style frontmatter, so it may belong on the marketing site.Verification
bun run buildcompiles with 0 errors; no broken links.https://claude.ai/code/session_01NkxKebM3qffTB7FayXsfxP