How to separate a person's identity from his personal data?

前端 未结 7 1910
挽巷
挽巷 2021-02-09 16:56

I\'m writing an app which main purpose is to keep list of users purchases.

I would like to ensure that even I as a developer (or anyone with full access to the database)

7条回答
  •  攒了一身酷
    2021-02-09 17:18

    I'm afraid that if your application can link a person to its data, any developer/admin can.

    The only thing you can do is making it harder to do the link, to slow the developer/admin, but if you make it harder to link users to data, you will make it harder for your server too.


    Idea based on @no idea :

    You can have a classic user/password login to your application (hashed password, or whatever), and a special "pass" used to keep your data secure. This "pass" wouldn't be stored in your database.

    When your client log in your application I would have to provide user/password/pass. The user/password is checked with the database, and the pass would be used to load/write data.

    When you need to write data, you make a hash of your "username/pass" couple, and store it as a key linking your client to your data.

    When you need to load data, you make a hash of your "username/pass" couple, and load every data matching this hash.

    This way it's impossible to make a link between your data and your user.

    In another hand, (as I said in a comment to @no) beware of collisions. Plus if your user write a bad "pass" you can't check it.


    Update : For the last part, I had another idea, you can store in your database a hash of your "pass/password" couple, this way you can check if your "pass" is okay.

提交回复
热议问题