Sensitive data separation in MongoDB and NodeJS - links through an encrypted key

I am currently working on an application that allows users to keep confidential data. Since this is a web application, we use NodeJS and MongoDB to store it. (BTW, I'm completely new to Node and NoSQL.)

We have users who can keep a medical history. The name and email address are stored in the user document, while other data is stored in the profile. To improve security, I would like to encrypt links from the user to his profile and vice versa.

I am currently using the NodeJS Crypto library to encrypt (AES256) the user_id link in the user profile. As a result, the link is no longer of type ObjectID, but a string.

Therefore, when looking through the database directly, it is impossible to tell which profile belongs to whom. The key used to encrypt and decrypt the user ID is stored somewhere in a file on the NodeJS server.

Is this a normal / good way to do it, or am I doing something completely wrong? Are there any better ways? I read that MongoDB does not have any "built-in encryption".

In any case, here is the code for encryption / decryption:

    module.exports = function () {
        // Hard-coded secret, used as the password from which the key is derived
        this.encryptionSecret = "ANYSECRET";
        this.crypto = require('crypto');
        this.algorithm = 'aes256';

        // Encrypts a user id (ObjectID or string) and returns it as a hex string
        this.encrypt = function (key) {
            // createCipher derives key and IV from the password alone (no salt, no random IV),
            // so the same id always gives the same ciphertext; it is deprecated in current Node versions
            var cipher = this.crypto.createCipher(this.algorithm, this.encryptionSecret);
            var encrypted = cipher.update("" + key, 'utf8', 'hex') + cipher.final('hex');
            return encrypted;
        };

        // Decrypts a hex string produced by encrypt() back to the original id string
        this.decrypt = function (encryptedKey) {
            var decipher = this.crypto.createDecipher(this.algorithm, this.encryptionSecret);
            var decrypted = decipher.update(encryptedKey, 'hex', 'utf8') + decipher.final('utf8');
            return decrypted;
        };
    };

+4
2 answers

Look at the risks you face:

  • A hacker breaks into your server and steals the entire database. In this case the encrypted links will not help, since the hacker has most likely gained access to the key as well. Even if you completely separate the data, for example across different data centers, and the hacker obtains only the "anonymous" part of the data, these medical records probably contain the name, insurance and / or other identifying data. Even if not, there are studies showing that it is almost impossible to anonymize data (examples: anonymous friendship graphs, device profiles).

  • A hacker hacks your site and gains access to data outside of his own account. Since your server must be able to perform the de-linking logic and must have access to both data stores to do so, this method adds no security at all. And since you are using a server technology that is completely new to you, the likelihood of holes in your software is high...

  • The drive crashes and you lose some data or the key. In this case you will have more work than recovering from the same scenario without encrypted links.

Securing web applications comes down to roughly two and a half options: either make the system as robust as possible, using secure coding standards, penetration tests, intrusion prevention, two-factor authentication, etc., and / or use client-side encryption. The latter looks like the ultimate weapon but is fraught with its own dangers. I'm afraid there is no silver bullet that I can think of.

+4

I would recommend putting your encryptionSecret in an environment variable.

+1

Source: https://habr.com/ru/post/1495549/
