#[CLOSED] How to save important data in a user database

How to have important data encrypted and only that user can use it so when a database leaks the cannot access it through appwrite

Good question.

You can have a custom appwrite function run whenever a document is created in the user collection, which uses some sort of hashing algorithm to mask the data.

How you would store the hash and salt is a different story, because if the database get's leaked, then it's likely that the hash and salt stored in a db will also be exposed.

That being said, it's not impossible, just requires a lot of thought.

Hmmm yeah was facing this issue before with mysql server but just made stored it without any encryption probably will do that again then

But then I would need to create a extra collection with all the users to add more things right? and give to that user permissions to read it

And then I can use some kind of appwrite function right?

You could create some kind of symmetrical encryption using some password, however that should be done client-sided

Hmmm yeah true but then the will need to put in their password each time the log in on a new device tho so it can be saved in local storage

It's not too recommended encrypting and decrypting all data mainly server-side because:

1. Making that server-sided will probably not solve anything, data could be leaked anyways
2. Everything will get slower

Yes, user could create an independent password saved locally to encrypt and decrypt (symmetrical encryption)

However such password could be leaked if any other app in the phone has access, like tokens

hmm, yeah well then the will need to have the leaked database for example and get everyone's their password

so thats pretty hard ig

But how would I save those hash keys because I would need to save them in a new collection. But is it possible to have it when you create or delete a account it will create a new user in that database so have it linked?

Because I havent figured out how that works I saw something about functions but I am totally new to that

Nope, since passwords are saved locally, I mean an app user has installed

You don't need to save anything in appwrite, as said before, everything is done client-sided

Or at least if you don't want really high costs

Wdym?

Its self hosted (VPS)

But if I want that for instance how would I do that?

So I can save some things aswell for that specific user that arent as important

Mind if I ask what your use case is @sharp zenith?

Not saying encryption is bad, but too much encryption can lead to slower speeds.

So I have a simple game with a 5 by 5 grid and want to save where the user has clicked on the grid on their own account

Okay

So when the refresh the still have

In that case, mind if I ask why you want to encrypt such data?

Nah that was for something else

Cuz it seems a little too overkill 😅

ah okay

look encryption in general needs to be handled with care. As @stuck radish said, client-side encryption is a good idea, but it might slow things down in terms of UX.

encrypting and decrypting takes time, and sometimes a lot of resources.

Yeah

Both encrypt and decrypt operations requires additional computational effort

More compute = more costs

Note that for Hackathon you need to use cloud (just in case you're participating)

WhatsApp for example handles most things related to encryption client sided. Telegram uses another asymmetric encryption system that needs more computational effort server-sided

And this can be done through a appwrite function?

Maybe, but as said, not recommended

For not saying it's not recommended encrypting the database itself

hmm yeah and I found a bug? this should called aswell on creation right?

for functions

I think there's not any bug, It seems to be correct

Only deletion is triggered but when I register it doesnt start the function

so a create user event

Note that things like functions variable are encrypted

Because that's the only thing needed to be encrypted most cases

You need to put user.create

You didn't have selected it

it says user.*.create

The screenshot doesn't seems to show create

I mean with this as I tried this before

Its not triggered

This should trigger 🤔

Unless OAuth, I think

(Login with third party)

I used email

or does it be like this

let me try this

nope

but users.* will do all events aswell right? so then creation/register must be a trigger aswell but it doesnt

Not sure about that, if possible, please, create another post for this issue, in order to separate different topics 😅

alr will do