-
Notifications
You must be signed in to change notification settings - Fork 0
Security Issues
How will we protect sensitive information kept by our software?
Firebase secures phone numbers authentication and real-time chats, and MongoDB Atlas has built in security controls and customized guardrail. It provides advanced encryption of data pulled or stored within its database.
We collect limited information from our users such as email, password, phone number, and games they play. The most critical thing that might be collected is real time chat data, which should be validated, encrypted, and secured through Firestore from Firebase.
Are there any possible attack vectors, i.e., ways malicious users could try and use our software to escalate their privileges?
Users might add malicious links to their profile or sent through chats, that could allow them to get information from other users. There is also the possibility for Verification Code scams, but that would only allow them access into someone else's account.
For our database specifically, Firestore prevents insertion attacks, and Firebase Authentication has security measures that prevents a user from accessing other user's information. MongoDB secures all personal profile information through encryption, preventing cyberattacks.