
I am using Firebase to save my application data, but I found that some hacker injected data into my Firebase data cloud.

I have an idea to use encryption. Maybe like this:

The client encrypts the string of JSON data and saves it to a Firebase reference. Before it is saved properly, some function or middleware runs first to decrypt that encrypted request back to the original string of JSON data. I use AES256 for it, so there is a password to encrypt and decrypt it.

Is this possible?

For example, raw data:

{
    "data" : {
        "name" : "dolly"
    },
    "token" : "aZuy7d8a7"
}

becomes

{
    "data" : "$6a87dab9dd9a8d-d9ad0a9n0an976786",
    "token" : "aZuy7d8a7"
}

And before the Firebase server side saves it properly, it will try to decrypt the data to the original; if the decrypt process fails, it will return a bad request HTTP response, of data not good.

yozawiratama
  • You might want to have a look at [this discussion on the firebase-talk mailing list](https://groups.google.com/forum/#!topic/firebase-talk/kYSu0uFVHEY), where a fellow developer describes their approach to such end-to-end+at-rest encryption. – Frank van Puffelen Nov 27 '17 at 18:37
  • Google KMS asks for a paid service; my app still needs more time to be ready for a paid service like that – yozawiratama Nov 27 '17 at 23:57
  • You'll need to find another service to fulfill that role then. I have no recommendations for specific services (and they would be off-topic on Stack Overflow anyway). But the approach outlined in the post seems the most thorough description of what it takes. – Frank van Puffelen Nov 28 '17 at 01:06
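
The flow described in the question, sketched as an added example (not code from the post or from Firebase): the client seals `data` with AES-256-GCM, and a middleware function in front of the write decrypts it and answers 400 when authentication fails. The function names, the password, the salt, and the choice of GCM with the token bound as associated data are assumptions made for illustration.

```javascript
// Added example: all names, the password and the salt are constructed.
const crypto = require("node:crypto");

// Derive a 32-byte AES-256 key from the shared password (assumed scheme).
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Client side: encrypt the "data" object. The token stays readable but is
// authenticated as AAD, so a ciphertext cannot be reused under another token.
function sealRequest(body, key) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(body.token, "utf8"));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(body.data), "utf8"),
    cipher.final(),
  ]);
  // Wire format (assumed): base64(iv || 16-byte tag || ciphertext)
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
  return { data: blob, token: body.token };
}

// Middleware side: decrypt before saving; every failure maps to HTTP 400.
function openRequest(body, key) {
  try {
    if (typeof body.data !== "string" || typeof body.token !== "string") {
      throw new Error("unexpected request shape");
    }
    const raw = Buffer.from(body.data, "base64");
    if (raw.length < 28) throw new Error("too short for iv + tag");
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(body.token, "utf8"));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws if the tag does not verify (tampered or forged data)
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const data = JSON.parse(pt.toString("utf8"));
    return { status: 200, body: { data, token: body.token } };
  } catch (err) {
    return { status: 400, body: { error: "Bad Request" } };
  }
}
```

The 400 path only shows that the sender held the key, so the check is exactly as strong as the secrecy of the password on every client that carries it.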

0 Answers