Tuesday 24 September 2019

Making a backend with an encrypted database?

So I'm interested in making an app where I want some of the data in the db (probably mysql) to be encrypted. I don't really know much about security and encryption stuff, but this app will be for personal use only so it's a good learning opportunity and not a big deal if I get something wrong. I guess this is more of a general backend question, but I do want to do it in nodejs.

I also don't want the users to have to enter two passwords to use the app (once to log in and once to access their data).

Do you guys have any articles or libraries that help handle this sort of stuff? My layman's theory is that there would be some sort of encryption key, which is generated from the user's password. When the user logs in, we generate the key and store it to localstorage. That way the plain text password isn't stored anywhere, and nothing is stored on the server that could be used to see the data. Then, with every request, we send the key along, so the server can return plain text data (or encrypt data that's being submitted).

There's probably a billion security holes in that strategy, but I'm ready to learn! :P

Submitted September 24, 2019 at 07:44AM by Nodeboi
