Reputation: 2684
Storing sensitive data in mongodb/node
I am working on a project which requires my web app to collect sensitive information from users (e.g. photo of driver's license.) This is done via a file upload on Angular and I was planning on storing the images as a binary array in MongoDB. I was also considering storing the images directly on the server using node.js (busbuy, or fs I believe) and storing a reference of the image in the server (API points have implemented proper access-controlled in both cases) The problem is.. I don't know how secure either approach would be.
Like passwords, I don't believe storing "plain/raw" image of sensitive data (DL, SSN) is considered in any sense secure.
What is an approach to secure the storage of sensitive images on a server?
Upvotes: 1
Views: 2349
Answers (1)
Reputation: 2324
You should store the images into database, and secure the database. MongoDB provides couple of ways to protect its data. For example, enable TLS/SSL connection between database and server, authenticate all clients before connection established, add access control to images collection.
Here are some useful references:
How to Install and Secure MongoDB
MongoDB security documentation
Upvotes: 5
Related Questions
- Using MongoDB and storing critical information so that it is protected
- Best practice for storing sensitive connection data when connecting to a DB
- How can I have a secure MongoDB - Mongoose setup?
- Mongodb security in node.js
- MongoDB: Architecture and security best-practices
- Securely store data on a web server
- create secure database in mongodb
- Database Exposure: Best Practices
- MongoDB security, what am I missing?
- Access Control in MongoDB