Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
584 views
in Technique[技术] by (71.8m points)

firebase - should i encrypt the password field in a cloud firestore collection document?

i've read many questions here in SO about Flutter/Firebase encryption and one the most straight forward answers i saw here is:

Is the Firebase sign in method signInWithEmailAndPassword(email, password); use in flutter sends the password hashed?

my question is:

should i need to encrypt the password field of the user's document in cloud firestore users collections?!

passwords are stored in my collections like this:

1

  1. what should i do to prevent the staff members from seeing our users passwords in plain text like above?!

  2. if i used the encrypt package from pub.dev..i can encypt the entered password in the input field by the user with encryption type "AES"..and then pass the encypted text to the cloud firestore users collection....what if a staff member has access to users firestore collection and saw this encrypted password string ?!

  3. if both of the above questions are logically wrong...should i omit the password field completely from the cloud firestore users collection?!

question from:https://stackoverflow.com/questions/66058340/should-i-encrypt-the-password-field-in-a-cloud-firestore-collection-document

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

DO NOT SAVE ANY PLAINTEXT ABOUT PASSWORD.
You should NEVER save password without encrypt.
For you, for your user.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...