-
Notifications
You must be signed in to change notification settings - Fork 0
Security Issues
How will we protect sensitive information kept by our software?
Firebase secures phone numbers authentication and real-time chats, and MongoDB Atlas has built-in security controls and customized guardrails. It provides advanced encryption of data pulled or stored within its database.
We collect limited information from our users, such as email, password, phone number, and the games they play. The most critical thing that might be collected is real-time chat data, which should be validated, encrypted, and secured through Firestore from Firebase.
Are there any possible attack vectors, i.e., ways malicious users could try and use our software to escalate their privileges?
Users might add malicious links to their profiles or send them through chats, allowing them to exploit other users. There is also the possibility of Verification Code scams, but that would only allow them access to someone else's account.
For our database specifically, Firestore prevents insertion attacks, and Firebase Authentication has security measures that prevent a user from accessing other users' information. MongoDB secures all personal profile information through encryption, preventing cyberattacks.