stackoom
  简体   繁体   中英

How can i securely store account data in an open source app?a

 原文  2022-07-18 12:39:35       node.js/ database/ mongodb

Question

I need to store user account data for my open source app such as email, hashed password, favourites etc.

The two options I have considered for this are: Storing info on a MongoDB Atlas database or storing in a JSON file.

Since the app is open source on GitHub, these two options create some problems. If MongoDB is used, then my API key will be exposed in the source code, which isn't that great. It will also make it difficult for people to test the project locally. If a local JSON file is used, users will be able to see all of a users sensitive info stored inside the repository, which definitely isn't good. What are my options here to be able to securely and easily control account creation and data storage? Cheers.

1 answers

solution1
 0  2022-07-18 13:02:11

Since the app is open source on GitHub, these two options create some problems. If MongoDB is used, then my API key will be exposed in the source code...

This is a good case to use environment variables on your local machine. In the code you can do something like

process.env.<APPLICATION_NAME>_API_KEY;

If the developers you're working with is trusted enough to handle your database credentials then you can share it behind closed doors.

It will also make it difficult for people to test the project locally...

This is good practice for whatever future endeavors you might have with nodejs or other software development. Testing should never be made on production databases. If the database you're testing on isn't the production one, that's great, but there's still the issue with using sensitive user data for testing purposes. Banks hopefully aren't using real accounts to test transactions. What if there's an error and the account ends up drained with no log of how much was in it from the start?

I would recommend you setup a way to fill a database with dummy data for testing purposes. This could be a SQL script which you then can commit to your repo and update your instructions with how new developers and contributors can spin up their own database for testing purposes.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I open this external app from Electron securely? Securely store data in a Node CLI app How can I securely store the IP address, username and password of a database using Node.js? Securely store data on a web server How can I connect to API securely? How to securely store JWT in browser? How to store database credentials for an open-source Heroku Node.js app? Where can we store the JWT token securely? How can I get all the data of a Shopify store product for my app? How can I securely build paths from url segments?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM