Sensitive Data separation within MongoDB and NodeJS - references via encrypted key


Question

I am currently working on an application which allows users to save sensitive data. Since it's a web application we are using NodeJS and MongoDB for persistence. (BTW I am completely new to Node and NoSQL)

We do have users who can store kind of a medical history. Name and email are stored within a user document while the other stuff is stored within the profile. To improve security I would like to encrypt the references from a user to his profile and vice versa.

At the moment I am using the Crypto library of NodeJS to encrypt (AES256) the user_id reference within the user's profile. As a consequence the reference is not a type of ObjectID anymore but a string.

So by viewing the database directly it is not possible to check which profile belongs to which user. The secret key to encrypt and decrypt the user's id is stored somewhere in a js file of the NodeJS server.

Is this a common/good way or am I doing something completely wrong? Are there any better ways – I read that mongoDB is not supporting any "built in encryption"

At least, here is the code for the en/decryption

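module.exports = function() {
    // Secret is hard-coded in the server source, as described above.
    this.encryptionSecret = "ANYSECRET";
    this.crypto = require('crypto');
    this.algorithm = 'aes256';
    // Note: crypto.createCipher()/createDecipher() are deprecated (DEP0106) and
    // removed in recent Node.js releases; they derive key and IV from the
    // secret without a salt, so the same input always gives the same output.
    // Encrypts an id (coerced to string) and returns hex ciphertext.
    this.encrypt = function (key) {
        var cipher = this.crypto.createCipher(this.algorithm, this.encryptionSecret);
        var encrypted = cipher.update("" + key, 'utf8', 'hex') + cipher.final('hex');
        return encrypted;
    };
    // Decrypts hex ciphertext produced by encrypt() back to the id string.
    this.decrypt = function (encryptedKey) {
        var decipher = this.crypto.createDecipher(this.algorithm, this.encryptionSecret);
        var decrypted = decipher.update(encryptedKey, 'hex', 'utf8') + decipher.final('utf8');
        return decrypted;
    };
};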

Recommended answer

Let's take a look at the risks you're facing:

  1. A hacker breaks into your server and steals the entire DB. Bad luck, in this case, encrypted references won't help much since the hacker likely got access to the key, too. Even if you completely federate the data, e.g. to different data centers, and the hacker only gets the 'anonymous' part of the data, those medical records will probably contain name, insurance and/or other identifying data. Even if not, there's research that shows that it's almost impossible to anonymize data (examples: anonymized friend graphs, device profiles)

  2. A hacker hacks your site and gets access to data outside his account. Since your server must be able to handle the de-referencing logic and must have access to both data stores to perform its duty, this method won't add security at all. However, since you're using a server technology that is completely new to you, the chances of having security holes in your software are high...

  3. The disk crashes and you lose part of the data or the key. In that case, you'll have more work to do than recovering from a similar scenario without encrypted references.

Making web applications safe boils down to one-and-a-half possibilities: Either make the system itself as robust as possible by using secure coding standards, penetration tests, intrusion prevention, two-factor authentication, etc., etc. and/or use client-side encryption. The latter looks like the ultimate weapon, but is fraught with its own perils. I'm afraid there's no silver bullet [that I can think of].
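
The reference-hiding scheme from the question, written against Node's currently supported `crypto` API as an added example (not the asker's or the answerer's code): a keyed HMAC token for finding a profile by user, plus an AES-256-GCM sealed copy of the id for the reverse direction. The function names and the `REF_ENC_KEY` / `REF_MAC_KEY` environment variables are assumptions; as the answer points out, whoever obtains both the database and these keys can still re-link the records.

```javascript
// Added example, not code from the original post. Names and key source are assumptions.
const crypto = require('crypto');

// Assumption: 32-byte keys arrive hex-encoded from the environment or a secret
// store. The constructed fallbacks exist only so the example runs offline.
const ENC_KEY = Buffer.from(process.env.REF_ENC_KEY || '11'.repeat(32), 'hex');
const MAC_KEY = Buffer.from(process.env.REF_MAC_KEY || '22'.repeat(32), 'hex');

// Deterministic keyed token: the server can query profiles by user without
// storing the ObjectID. It cannot be recomputed or inverted without MAC_KEY.
function lookupToken(userId) {
  return crypto.createHmac('sha256', MAC_KEY).update(String(userId)).digest('hex');
}

// Reversible reference: AES-256-GCM with a fresh 96-bit IV per value, so equal
// ids encrypt differently and any modification is detected on decrypt.
// Layout of the hex string: IV (12 bytes) | auth tag (16 bytes) | ciphertext.
function sealRef(userId) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(String(userId), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Throws if the value was truncated, altered, or sealed under another key.
function openRef(sealedHex) {
  const raw = Buffer.from(sealedHex, 'hex');
  if (raw.length < 28) throw new Error('sealed reference too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Shape of a profile document under this scheme: query on user_token,
// decrypt user_ref when the owning user has to be resolved.
function profileFor(userId, history) {
  return { user_token: lookupToken(userId), user_ref: sealRef(userId), history };
}
```

Keeping the two keys separate means a leaked lookup key does not also expose the sealed ids, but losing either key has the recovery cost described in the answer's third point.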
