I am making a web app that stores a user note in MongoDB. The problem is that the content is being stored raw (meaning I can read what the user wrote down). Is there a way for me to keep this information safe? Maybe something like an encryption function in the backend server that mixes up the content before storing it to the db, then undoes the encryption when fetching the data from the db.
I am currently thinking of my method above.
CodePudding user response:
If that user note is so sensitive, is storing it locally for them an option? If not, then there's a few solutions:
- Like you suggested, you could encrypt on your backend API before DB insertion and then decrypt on the backend API on retrieval. That would stop you from reading it if checking the database, but since your API owns the keys to that encryption then you can still technically decrypt it and read it.
- The above solution, but can be better by adding user supplied salting to the key. The problem then is that you have to track and create that salt - and it must be the same each time - on the client side. The client will still have to tell you the salt and trust that you aren't storing it. But then there's always the problem of if you are request logging, you could maybe get the salt to decrypt even if you didn't store it in the database.
- The best (and only) solution of the 3 to ensure you can't decrypt it is E2E encryption. The encryption keys are created and stored by the user, never transmitted to the server. You can derive it from a password or generate randomly and store it locally etc. The encryption happens before the client sends the data, and the client also decrypts it.