
I am working on a hospital project where each doctor must have access to his/her patients' documents and his/her own documents only. Here is my current db structure:

[image: db structure]

I will give doctors their passwords by hand. That's why I am thinking about creating some passwords, hashing and salting them, and storing the passwords on paper, not on any part of the PC.

When it comes to database access, my doctors should be able to access their own documents and update their patients' documents.

Here is what I think for signing in a user:

  1. Get the entered password from the user.
  2. Hash the password.
  3. Salt the password. (Salt is fetched from the db.)
  4. Get the hash value of the user's password from the db and check their equality.
  5. Let the user in if they are equal.
  6. Get the user's Uid.
  7. Let the user access the documents with the Uid of their own or their patients. (This seems now right for me. But I don't know a better way.)

I doubt step 7 mostly. Showing me a better way or a document about it or telling me why doing so is secure will be very helpful. Thanks in advance.

No N
  • Since you tagged with `firebase-authentication`, why don't you use that to sign the users in? – Frank van Puffelen Sep 08 '18 at 14:50
  • I need predefined users. I will have their passwords already created for them. Can I still use firebase-authentication for that case? Also any idea on step 6 and 7? – No N Sep 08 '18 at 15:11
  • Also there will be no email or phone number for users created. I can generate some fake email addresses for the users. Is this a good idea? – No N Sep 08 '18 at 15:20
  • You can create users with the Admin SDK. See https://firebase.google.com/docs/auth/admin/manage-users#create_a_user. But that only works for built-in providers. Since your users don't have an email address, you're looking to create username/password accounts. There is no built-in provider for that, but you can have a look at this sample: https://github.com/firebase/functions-samples/tree/Node-8/username-password-auth – Frank van Puffelen Sep 08 '18 at 22:21
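
The sign-in and per-document check from steps 1-7, as an added example (not code from the question, its comments, or Firebase), run on the server with Node's `crypto` module. It derives the stored hash with scrypt using the salt as input, and the `users`, `patients` and `docs` shapes, field names and allowed actions are assumptions because the db structure is not shown.

```javascript
// Added example: constructed data and hypothetical field names throughout.
const crypto = require('crypto');

// Steps 2-3: the salt is an input to the KDF (scrypt here), so the stored
// record is {salt, hash}; no plaintext password is kept server-side.
function makeCredential(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Steps 4-5: recompute with the stored salt, compare in constant time.
function verifyPassword(password, cred) {
  const expected = Buffer.from(cred.hash, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(cred.salt, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Steps 1-6: return the Uid on success, null otherwise.
function signIn(users, username, password) {
  const user = users[username];
  if (!user || !verifyPassword(password, user.cred)) return null;
  return user.uid;
}

// Step 7: decided on the server for every request, using the Uid established
// at sign-in, never a Uid supplied by the client.
// Assumption: own documents allow any action; patients' documents allow read/update.
function canAccess(uid, doc, patients, action) {
  if (!uid || !doc) return false;
  if (doc.ownerUid === uid) return true;            // the doctor's own document
  const patient = patients[doc.ownerUid];
  const treats = Boolean(patient && patient.doctorUid === uid);
  return treats && (action === 'read' || action === 'update');
}

// Constructed sample data (not from the original post).
const users = {
  drA: { uid: 'uid-doc-a', cred: makeCredential('correct horse battery') },
  drB: { uid: 'uid-doc-b', cred: makeCredential('another passphrase') },
};
const patients = { 'uid-pat-1': { doctorUid: 'uid-doc-a' } };
const docs = {
  d1: { ownerUid: 'uid-doc-a' },   // doctor A's own document
  d2: { ownerUid: 'uid-pat-1' },   // belongs to a patient of doctor A
};
```

The same `canAccess` decision has to be enforced wherever the documents are served (for example in database security rules), because a check that runs only in the client can be bypassed.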

0 Answers