I’m thinking of writing a password management app. Is Mongodb secure enough for such sensitive data? If I encrypt all the data in the database using a master password and use salt to further obfuscate, will the salt values be visible within the meteor code? (Is there a way to encrypt meteor code and/or compile the script?)
Wow! Thanks for the link! That looks pretty cool but I’m kind of worried about the whole “experimental” aspect. There’s a lot of disclaimers in there. I’ll look into it, though.
When you compile your script, you can keep all your keys on the server. Then it would be secure.
Thanks for the response, ramez! I’m a novice and don’t fully understand exactly what that looks like/means (I’m coming from a php background and I’ve really never done much client-side development) but…
- Won’t I have to supply database login credentials? And couldn’t someone look at my meteor code to get the db username and password then login to the server and see everything in the database? And…
- It won’t be visible in (e.g.) the developer console? And…
I suspect that maybe this is all covered by “Methods” which I’ve read about in the tutorial but haven’t really used yet so I don’t fully grasp the concept. Which brings me to…
3) Does this mean that my app will be useless/non-functional without an internet connection?
Right, so if you want to hide your encryption key, the only secure way is on the server. If you want the key to be browser side, it will be exposed. Anything client side is hackable (even local password managers, they just make it a bit harder)
@quantiumtech what exactly do you mean with a password manager? What would you store on the client and what would you store on the server? Also: How should the user be able to get the password to enter for example a login form?
At its most basic, the app would display a prompt (“What password would you like?”) and an input field. The user types “amazon” or “ebay” or something that isn’t a website- e.g. “wifi”. The app returns “Your username for Amazon.com is email@example.com. Your password has been copied to the clipboard. Open your web browser, select the password field and type Ctrl V to login.” The user would also be given the option of showing the password. In the case of a local password like wifi, it would simply be displayed rather than copied to the clipboard.
Ok, in that case Meteor is fine to use. Will sync to all clients when you want, can be secured well so yes fine choice.
You could use Mylar, also interesting to read is how for example Dropbox handles passwords: https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/ also Facebook has some great articles.
In general: Don’t roll your own encryption, stick with what encryption experts have defined as best practices.
Excellent! Thank you so much, lucfranken!
Meteor is hard to reliably secure (it would require some effort and still you might miss or forget something). Also I don’t know how strong meteor itself is from security standpoint I have my doubts. And let’s not forget start that it is barely supported anymore so I really doubt anyone is doing code reviews to find vulnerabilities now. I would not write an app where security is the main goal with meteor. Maybe it can be done, but for such use case it’s better go with something like java.
I feel ignl’s advice is very poor. As long as you secure which data is shared on server side properly (which you will have to do in any platform) and only include data that should be shared in client, you shouldn’t run in to major problems.
With that said, as long as the security methods your using are using proper encryption/salting, your using pretty much the same security practices as most high security sites out there. (I believe the Meteor package uses these methods by default with bcrypt iirc?).
For more information on how to design your app securely, you can read this: https://guide.meteor.com/security.html
You just said as long as you secure everything it will be secure I just feel it’s harder to do with meteor and do not have strong trust in security of a platform itself which OP as developer can’t really do much about. Security of meteor is fine and meteor is fine I would just not use it for an app where security is the top priority and the main goal that’s it. Like if you have to put your top secrets somewhere it’s probably better to put it in openbsd instead of windows server (both are fine products).
First time see someone advicing Unix over Windows Server in terms of security…
As for Meteor, I don’t see any reason not to use it, except its not made for managing encrypted data.
It would be easier to use another framework just in terms of overhead reduction. Not security itself.
By the way, apps where server expected to be compromised are much harder to work on.