-
Notifications
You must be signed in to change notification settings - Fork 0
Security Issues
How will we protect sensitive information kept by our software?
Answer Here
Firebase secures phone numbers authentication and real-time chats, and MongoDB Atlas has built in security controls and customized guardrail. It provides advanced encryption of data pulled or stored within its database.
We are collection limited information from our users, like email, password, phone number, and games they play. The most critical thing that might be collected is real time chat data, which should be validated, encrypted, and secured through Firestore from Firebase.
Are there any possible attack vectors, i.e., ways malicious users could try and use our software to escalate their privileges?
This includes root access to our servers, access to other users sensitive information, root access to our database, etc.
Explain protection plan: Answer Here
Users could put malicious links in chats or profile to other users that allow them to get their information. There is also the possibility for Verification Code scams, but that would only allow them access into someone else's account.
For our database specifically, Fire store prevents insertion attacks, and Firebase Authentication has security measures that prevents a user from accessing other user's information. MongoDB secures all personal profile information through encryption, preventing cyberattacks.