What is the best way to auth, identify and store delicate information about users?

巧了我就是萌 提交于 2019-12-08 13:39:34

You are wanting to acquire a rather sensitive combination of information - user email (as identity), phone number, and location.

So firstly, you'll have to be very considerate about privacy issues for users, having a policy on how this information is stored and distributed and make it clear to users what they are allowing. I would suggest not storing any aggregate of this type of dataset in the client, in as much as possible.

For this purpose I would recommend using GAE storage as much as possible.

Your app querying a user's location shouldn't be too worrying, provided things are done over secure channels kept well.

What is worrysome is that that information only reaches an allowed source. i.e that only a mutual contact can request this information.

I'd suggest that for each user, a whitelist of allowed contacts would be best. For each user, have a secret random uuid associated (that never goes out to any client) on GAE. A user registering for your service would create this ID. The whitelist would then consist of a list of secret IDs.

A process could then be-

  1. A makes request for B's location
  2. request is forwarded to GAE app.
  3. GAE app verifies that A's secret ID is on B's whitelist
  4. The app then queries for B's location
  5. Once the app retrieves this information, it then verifies that it is only sending this information to the user identified by A's secret ID
  6. The info is then sent securely to A's client
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!