Security Ideas
nsipplswezey opened this issue · 1 comment
"How do I make sure that, as a developer using Nodal, I do not expose information that a user trusts me to protect?"
At the highest level, full stack application engineers face the following complex and potentially high risk problem.
The broadest applied case is typically passwords. But passwords can generalize to any sensitive information.
Nodal provides a generator for creating an API endpoint that manages user passwords.
The question is:
"How can Nodal guarantee me, as a software engineer, that I never expose the password that a user trusts me to protect?" The purist answer is "nothing can do that besides vigilance."
While demoing Nodal to a friend, he brought up this concern and we reasoned through it:
Client side: Can passwords be encrypted immediately on the client? Yes. This isn't a direct Nodal concern.
Wire side: Can requests sent from client to server be encrypted? Yes. HTTPS.
Server side: Can a Nodal API be designed to operate exclusively with encrypted passwords? That is to say, the Nodal user model never sees a plain text password. The current --user generator by default supports plain text passwords in the request parameters followed by server-side encryption. Is it worthwhile to support a --user model that supports client-side encrypted passwords?
Deployment side: Can the deployment environment be default configured to never log specific fields of request data? The current CLI nodal deployment option isn't explicit about this, but could be.
This is supported by .hides() functionality on Models.
Good thoughts, keep them in mind as we progress.