I want to know how we can secure data in PouchDB. Is there any mechanism like encryption for data-at-rest or SSL protection for the transport layer?

Heta Desai

1 Answer

Assuming 'transport' refers to local and remote database synchronization, the clear choice is to use HTTPS[1] rather than HTTP.

There are very few reasons not to use HTTPS.

Assuming 'data-at-rest' means encrypting the local database, the easy solution is the PouchDB plugin Crypto Pouch[2].

Do note in Crypto Pouch's details:

"If you replicate to another database, it will decrypt before sending it to the external one. So make sure that one also has a password set as well if you want it encrypted too."

So again, use HTTPS for transport. Did I mention HTTPS?

Encrypting the database may introduce a performance bottleneck as it must decrypt every document read and encrypt every document written. I do not recommend encrypting the entire database unless it is very small and/or is queried infrequently, but that's an implementation detail left for each to decide.

If there's only a need to encrypt specific documents, for example _local documents[3] that do not replicate, use a combination of the excellent Transform Pouch[4] plugin and leverage either the Window.Crypto API[5] or the Native Crypto[6] package.

Beware! Local crypto may dissuade lazy interlopers but highly motivated actors may find gaps in your approach, so have a care.

As with all NPM packages, be sure to read up on open issues before getting deeply dependent. For example, the Crypto Pouch build is passing but its maintainers are unresponsive.

In any event, use HTTPS. Did I mention HTTPS? Use HTTPS.


[1] HTTPS
[2] Crypto Pouch
[3] PouchDB _local documents
[4] Transform Pouch
[5] Window.Crypto API
[6] Native Crypto

RamblinRose
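The per-document approach described in the answer above, as an added example that is not part of the answer and is not code from Transform Pouch or PouchDB: a pair of functions that encrypt a document's fields before it is stored and authenticate and decrypt them when it is read back. The function names and the `enc` envelope field are hypothetical, and Node's built-in crypto module is assumed in place of Window.Crypto so that the functions are synchronous.

```javascript
// Field-level AES-256-GCM shaped like Transform Pouch's two handlers. Node's
// built-in crypto stands in for Window.Crypto; all names are hypothetical.
const nodeCrypto = require('node:crypto');

// PouchDB needs these readable to index, revise and delete documents.
const META = ['_id', '_rev', '_deleted'];

// Stretch a passphrase into a 256-bit key. Persist only the salt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// "incoming" direction: runs before a document is written to storage.
function encryptDoc(doc, key) {
  const out = {};
  const secret = {};
  for (const [k, v] of Object.entries(doc)) {
    (META.includes(k) ? out : secret)[k] = v;
  }
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per write
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(doc._id))); // bind ciphertext to _id
  const data = Buffer.concat([
    cipher.update(JSON.stringify(secret), 'utf8'),
    cipher.final(),
  ]);
  out.enc = {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    data: data.toString('base64'),
  };
  return out;
}

// "outgoing" direction: runs after a document is read from storage.
// Throws on a wrong key, altered ciphertext or tag, or a changed _id.
function decryptDoc(stored, key) {
  if (!stored.enc) throw new Error('document is not encrypted');
  const { enc, ...meta } = stored;
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(enc.iv, 'base64'));
  decipher.setAAD(Buffer.from(String(stored._id)));
  decipher.setAuthTag(Buffer.from(enc.tag, 'base64'));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(enc.data, 'base64')),
    decipher.final(),
  ]);
  return { ...meta, ...JSON.parse(plain.toString('utf8')) };
}
```

With Transform Pouch these would be registered as `db.transform({ incoming: doc => encryptDoc(doc, key), outgoing: doc => decryptDoc(doc, key) })`. In a browser the same AES-GCM steps go through SubtleCrypto, which returns promises.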