Separate data for security

I have a project (using Meteor / MongoDB) in which we need to split our data structure:

  • Common data which can be controlled by us.
  • Sensitive data which needs to be located on the customer’s server, with accessibility controlled by the customer.

The purpose is to ensure that even with our admin rights, we may not read their sensitive data.
I can think of 2 options:

Option 1:

  • the app connects to multiple databases and the customer grants access to their database.
    But I’m not clear on how to control the standalone MongoDB.

Option 2:

  • develop an app on the customer’s server that communicates with the main app.

Is that possible? Is there any better solution?
I’m new to Meteor, so please advise me on the typical solution.

Thanks

Having multiple databases isn’t required. Why not just have the data on the customers’ servers and manage what data they can access via publications?

1 Like

The application provides service to multiple customers; in my current version, all customer data is on my server.
But many customers require that they can totally control their sensitive data.

So each customer should have 1 admin right for their data.
I think separating data onto their server may also help to reduce the load on our server.

I have one meteor instance used by multiple customers. I use publications to limit data sent to the client. e.g. create a field against collections which states the customer ID. Then in the publications limit the data sent to the client by the customer ID field.

I am obviously talking at a high level, so you’ll need to look into how to best implement this in your application.

1 Like

You can change which database a collection uses like this:

```javascript
if (Meteor.isServer) {
  // Server side: open a second MongoDB connection for the "shared" database.
  // The driver takes the database URL plus the oplog URL used for live queries.
  Shared = new MongoInternals.RemoteCollectionDriver(
    'mongodb://localhost:27017/' + 'shared' + '?replicaSet=rs0',
    { oplogUrl: 'mongodb://localhost:27017/local?authSource=' + 'shared' }
  );
} else {
  Shared = undefined; // Client side: no driver, minimongo backs the collection as usual
}
// Collections created with _driver: Shared are stored in the "shared" database.
Documents = new Mongo.Collection('documents', { _driver: Shared });
```

So that way you can have some collections that are on your customers’ servers.

Truly preventing the creator of the app from snooping is going to be quite difficult though. Even if the data is stored on their servers, you could still make a modification to the app itself to steal information.

One thing you could do is implement encryption on sensitive fields, with a key that is only stored on the client. Still, you could circumvent that by updating the client. And if you have Hot Code Push enabled, you could do it without even going through the App Store.

1 Like