
I'm creating a mobile application with react-native and MongoDB (AWS MongoDB server). How do I store the user database creation credentials (need database admin access) to sign up in the application? Do I need any third-party web server [I preferred MERN STACK Server] for the admin credentials to secure it? Else how can I do this? If I migrated from app to website (last choice), can I call the API (don't even have an idea about API) or web data securely?

const MongoClient = require('mongodb').MongoClient;
// <username>, <password> and <dbname> are placeholders to be filled in
const uri = "mongodb+srv://<username>:<password>@project-red.ddhvn.mongodb.net/<dbname>?retryWrites=true&w=majority";
const client = new MongoClient(uri, { useNewUrlParser: true });
client.connect(err => {
  if (err) {
    // connection failed (bad credentials, network); do not use the client
    console.error(err);
    return;
  }
  const collection = client.db("test").collection("devices");
  // perform actions on the collection object
  client.close();
});

This is what I got from the MongoDB cluster.

How do I encrypt this URL-encoded data and store password data (for admin on a server) using crypt, mongodb-client-encryption and mongodb?

How do I encrypt the admin password and URL data on the server?

Sivamani V
  • You have to securely store that in the database using some hashing method, I guess. This is not related to react-native or mobile app development. – Samitha Nanayakkara Sep 10 '20 at 18:26
  • I don't believe in hash algorithms. A rooted or jailbroken mobile device can view this data while the application is running in the foreground. – Sivamani V Sep 11 '20 at 02:51
  • Not quite sure what you mean. But you don't do that directly on an end user client. There should be a web server doing the hashing, and ideally another backend component, like Secrets Manager, to store the hash salt. So if you are to implement another client, it shall go through the same web server. – cltsang Sep 11 '20 at 03:29
  • Sivamani, when your token or whatever the data is has been hashed, it cannot be stolen even if a hacker accesses it, because the data is already converted to another format which cannot be reverted. I think it's better to understand how hash algorithms work rather than rejecting them without knowing how they work. – Samitha Nanayakkara Sep 12 '20 at 03:11
  • Samitha Nanayakkara, I can somewhat understand what you are saying, but will it be safe in the URL? Like a man-in-the-middle attack? Even if it is not HTTPS. – Sivamani V Sep 12 '20 at 17:18
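
The arrangement described in cltsang's comment, sketched as an added example that is not part of the original thread: the database credentials and the password hashing live on a web server, and the mobile app only sends signup data to it. The environment variable names, the `handleSignup` function and the in-memory `Map` standing in for the MongoDB collection are assumptions for illustration.

```javascript
// Added example: server-side code only; nothing here ships inside the mobile app.
const { scryptSync, randomBytes, timingSafeEqual } = require('crypto');
const KEY_LEN = 32;

// Build the connection string from server-side environment variables
// (hypothetical names; a secrets manager or deployment config would set them).
function buildMongoUri(env) {
  for (const key of ['MONGO_USER', 'MONGO_PASSWORD', 'MONGO_HOST', 'MONGO_DB']) {
    if (!env[key]) throw new Error(`missing ${key}`);
  }
  // Percent-encode credentials so characters such as @ : / do not break the URI.
  const user = encodeURIComponent(env.MONGO_USER);
  const pass = encodeURIComponent(env.MONGO_PASSWORD);
  return `mongodb+srv://${user}:${pass}@${env.MONGO_HOST}/${env.MONGO_DB}?retryWrites=true&w=majority`;
}

// Hash a password with scrypt and a fresh random salt per user.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, saltHex, hashHex] = String(stored).split('$');
  if (scheme !== 'scrypt' || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // reject malformed records
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Signup handler the app would reach over HTTPS. `users` is a Map standing in
// for the MongoDB collection so the example runs offline.
function handleSignup(body, users) {
  const { email, password } = body || {};
  if (typeof email !== 'string' || !email.includes('@')) return { status: 400, error: 'invalid email' };
  if (typeof password !== 'string' || password.length < 8) return { status: 400, error: 'password too short' };
  const key = email.toLowerCase();
  if (users.has(key)) return { status: 409, error: 'already registered' };
  users.set(key, { email: key, passwordHash: hashPassword(password) });
  return { status: 201 }; // never echo the password or hash back to the client
}
```

On a real server, `buildMongoUri(process.env)` would feed `MongoClient`, and the account it names would need only read/write access to the application database.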

0 Answers