sensitive-data

Sensitive Data separation within MongoDB and NodeJS - references via encrypted key

旧街凉风 submitted on 2021-02-19 03:06:58
Question: I am currently working on an application which allows users to save sensitive data. Since it's a web application we are using NodeJS and MongoDB for persistence. (BTW I am completely new to Node and NoSQL) We do have users who can store kind of a medical history. Name and email are stored within a user document while the other stuff is stored within the profile. To improve security I would like to encrypt the references from a user to his profile and vice versa. At the moment I am using the

Securely storing and searching by social security number

流过昼夜 submitted on 2021-01-21 03:48:26
Question: So I'm working on a supplemental web-based system required by an HR department to store and search records of former personnel. I fought the requirement, but in the end it was handed down that the system has to both enable searching by full SSN, and retrieval of full SSN. My protestations aside, taking some steps to protect this data will actually be a huge improvement over what they are doing with it right now (you don't want to know). I have been doing a lot of research, and I think I have

how to pass sensitive data from view to controller

*爱你&永不变心* submitted on 2020-01-05 03:26:32
Question: In order to construct an entity with quite a lot of information, I need to perform a sequence of form submissions. Every time I return a view from a controller, I need to pass some IDs about the not yet established entity. Right now I inject these pieces of info into hidden fields, and when posting back to the server, continue to construct the entity. This scenario continues for a few times. I'm not at all satisfied with this way of passing sensitive information, and was wondering if there're other

Can I access Bitbucket Pipelines environment variables from my source code?

狂风中的少年 submitted on 2019-12-23 17:37:01
Question: I have my sensitive data as environment variables in Bitbucket Pipelines, e.g. database credentials. Is there a way I can access these environment variables from my source code? I do not want to push these sensitive data to my repository.

Answer 1: Bitbucket Pipelines environment variables are just regular environment variables. You can access them however you normally would; this depends on the programming language you are using. For example, in Python you can use os.getenv(), which lets you

How to separate a person's identity from his personal data?

佐手、 submitted on 2019-12-09 06:22:28
Question: I'm writing an app whose main purpose is to keep a list of users' purchases. I would like to ensure that even I as a developer (or anyone with full access to the database) could not figure out how much money a particular person has spent or what he has bought. I initially came up with the following scheme:

--------------+------------+-----------
user_hash     | item       | price
--------------+------------+-----------
a45cd654fe810 | Strip club | 400.00
a45cd654fe810 | Ferrari    | 1510800.00
54da2241211c2

How to separate a person's identity from his personal data?

我们两清 submitted on 2019-12-03 08:53:47
I'm writing an app whose main purpose is to keep a list of users' purchases. I would like to ensure that even I as a developer (or anyone with full access to the database) could not figure out how much money a particular person has spent or what he has bought. I initially came up with the following scheme:

--------------+------------+-----------
user_hash     | item       | price
--------------+------------+-----------
a45cd654fe810 | Strip club | 400.00
a45cd654fe810 | Ferrari    | 1510800.00
54da2241211c2 | Beer       | 5.00
54da2241211c2 | iPhone     | 399.00

User logs in with username and password. From the

Android private content provider?

自作多情 submitted on 2019-12-03 06:57:44
Question: I am developing an application that involves some sensitive user information. I retrieve this information via a private web API. I am trying to determine the best way to get this data into my app. Right now I'm exploring creating a content provider that can do so; my hesitation is in making it secure. I want this data to be usable only by my application. Ideally, no other apps would even know it exists. Do you have any pointers or advice on how to do this effectively and securely? Any info on

Android private content provider?

和自甴很熟 submitted on 2019-12-02 21:38:26
I am developing an application that involves some sensitive user information. I retrieve this information via a private web API. I am trying to determine the best way to get this data into my app. Right now I'm exploring creating a content provider that can do so; my hesitation is in making it secure. I want this data to be usable only by my application. Ideally, no other apps would even know it exists. Do you have any pointers or advice on how to do this effectively and securely? Any info on content providers whose data source is a remote OAuth'd API? Thanks! Edit: I say content provider, but

How do you handle sensitive data in a public git repo?

自古美人都是妖i submitted on 2019-11-28 21:17:09
How do you handle sensitive data like secret API keys, hash salts when you keep your code in a public git repo? Obviously keeping the sensitive data in the code will compromise it. Another solution is to not hardcode the secret info in the code, but store it in a stand-alone file and gitignore the file. This has the disadvantage that when someone pulls your code for the first time the secret information will be missing and it won't run out of the box. This can be accounted for by writing an "initialize if missing" routine in the code, but then you're letting the git system slip into your code,

How do you handle sensitive data in a public git repo?

只愿长相守 submitted on 2019-11-27 20:54:59
Question: How do you handle sensitive data like secret API keys, hash salts when you keep your code in a public git repo? Obviously keeping the sensitive data in the code will compromise it. Another solution is to not hardcode the secret info in the code, but store it in a stand-alone file and gitignore the file. This has the disadvantage that when someone pulls your code for the first time the secret information will be missing and it won't run out of the box. This can be accounted for by writing a