I am developing a web app using Firebase, in which teachers can create an assignment and student can submit files in that assignment. I want to implement a password feature where the teacher will be able to set a password while creating assignment and students only who know the password will be able to submit.
I have thought of implementing this feature in the following way:
When teacher will set the password, I will send the password to a Firebase cloud function which will encrypt the password and store it in the Firebase real-time database using Firebase Admin SDK. When students will submit the password, the password will be sent to a cloud function which will decrypt the actual encrypted password (which is stored in the real-time database), match it with the password sent from the client and send a response to the client containing a message which will tell the user if the password is matched or not.
I have four questions.
- Will this way (described above) be secure enough?
- If this way is secure, then how should I encrypt the password? Is there any library function to encrypt data in Firebase cloud functions? Or should I use my own encryption algorithm?
- Is storing the encrypted password in Firebase real-time database secured? If not, then where should I store it?
- If this way is not secured, then how can I implement the feature described above?
