Storing user data securely in Flutter and Dart

Solution 1

Consider the usage of hive, which is a very popular NoSQL database for Dart and Flutter which automatically does a strong encryption of the data.

It's also used by the hydrated_bloc for example and other packages.


In general, you shouldn't implement encryption/decryption logic by yourself. Use well-known libraries (such as hive) which just do the work for you.
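
Added example, not part of the original answer: Hive encrypts a box's values when the box is opened with an `encryptionCipher`. This pure-Dart sketch writes the same constructed note to a plain box and an encrypted box and inspects the raw files. The box names, the temp directory and the note text are assumptions made for the illustration.

```dart
// Added example, not from the original answers. Pure Dart, package:hive 2.x.
import 'dart:convert';
import 'dart:io';

import 'package:hive/hive.dart';

/// True if [needle] occurs in the raw bytes of [file].
bool fileContains(File file, String needle) =>
    // latin1 maps each byte to one code unit, so binary data decodes safely.
    latin1.decode(file.readAsBytesSync()).contains(needle);

Future<void> main() async {
  final dir = Directory.systemTemp.createTempSync('hive_demo_');
  Hive.init(dir.path);
  const entryKey = 'note1';
  const note = 'CONSTRUCTED SAMPLE NOTE: dentist on Friday';

  // Assumption: a real app generates this key once and keeps it in the
  // platform keystore (for example via flutter_secure_storage), not on disk
  // next to the box and not hard-coded.
  final key = Hive.generateSecureKey(); // 32 random bytes (AES-256)

  // Box opened without a cipher: values are written as-is.
  final plain = await Hive.openBox<String>('plain_notes');
  await plain.put(entryKey, note);
  await plain.close();

  // Box opened with a cipher: values are encrypted before they hit the file.
  final secure = await Hive.openBox<String>('secure_notes',
      encryptionCipher: HiveAesCipher(key));
  await secure.put(entryKey, note);
  await secure.close();

  final sep = Platform.pathSeparator;
  final plainFile = File('${dir.path}${sep}plain_notes.hive');
  final secureFile = File('${dir.path}${sep}secure_notes.hive');
  print('plain file leaks note text:  ${fileContains(plainFile, note)}');
  print('secure file leaks note text: ${fileContains(secureFile, note)}');
  // Hive encrypts values only; the entry key is still readable on disk.
  print('secure file leaks entry key: ${fileContains(secureFile, entryKey)}');

  // The same key is required to read the notes back.
  final reopened = await Hive.openBox<String>('secure_notes',
      encryptionCipher: HiveAesCipher(key));
  print('round trip ok: ${reopened.get(entryKey) == note}');
  await reopened.close();
  dir.deleteSync(recursive: true);
}
```

Because box keys stay readable, keep anything sensitive (titles, e-mail addresses) in the values rather than in the keys.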

Solution 2

I guess including encryption depends on the type of data you're storing, whether it is sensitive, etc. The same yada yada rules apply even in Flutter. Like, you should encrypt passwords, etc. If you're going for encryption, I highly suggest encrypting the data even using Dart before sending it to Firebase or as some HTTP request/response. Check out this package: flutter_string_encryption

xxtea

Solution 3

I don't think you need to encrypt before you send it to Firestore. As long as you set your Firestore rules well, it would be OK.

Author by

123432198765

Updated on December 21, 2022

Comments

  • 123432198765
    123432198765 over 1 year

    Suppose I have a notes app where I need to store user's notes securely. Can I store the notes in a plaintext format in an sqlite database? Or should they be encrypted locally as well?

    Also should I encrypt it before I send it to the Firestore database? I've looked into the encrypt package but it's difficult to understand. Are there any good tutorials for this?

    If I should encrypt, what type of encryption should I use?

  • 123432198765
    123432198765 almost 4 years
    But I can see their data as the admin...isn't that unsafe?
  • Jesus Loves You
    Jesus Loves You almost 4 years
    you can block everyone including yourself
  • 123432198765
    123432198765 almost 4 years
    Oh wow, I didn't know that! And do I need to encrypt the data stored in sqlite databases on device?
  • Jesus Loves You
    Jesus Loves You almost 4 years
    Yeah, it's pretty easy. Should I give you a link where you can learn more about rules?
  • 123432198765
    123432198765 almost 4 years
    Hi I'm wondering about data being sent off device for example to Firestore
  • 123432198765
    123432198765 almost 4 years
    Thanks! And do I need to encrypt the data stored in sqlite databases on device?
  • Alberto Miola
    Alberto Miola almost 4 years
    You don't need to send encrypted notes via Firestore since it's already a secure HTTPS connection. It's already encrypted by construction. You shouldn't store passwords in clear so sending encrypted passwords is generally the best thing to do. Ok, Firestore "is safe" but still you shouldn't store sensible data in clear.
  • Jesus Loves You
    Jesus Loves You almost 4 years
    Please can you upvote my answer. Well, I don't think so. You can just put an extra layer of security, like a password page, which is really easier.
  • 123432198765
    123432198765 almost 4 years
    That's good to know! I'm not sending any passwords. And other than Hive are sqlite databases generally secure?
  • Jesus Loves You
    Jesus Loves You almost 4 years
    thanks if you need help with a password page i can help
  • Alberto Miola
    Alberto Miola almost 4 years
    If you mean "secure = encrypted" then no, sqlite databases are not automatically encrypted. You still need to encrypt data by yourself.
  • 123432198765
    123432198765 almost 4 years
    Thanks, I have a password page
  • 123432198765
    123432198765 almost 4 years
    Is it necessary to encrypt non sensitive data stored in sqlite databases?
  • Alberto Miola
    Alberto Miola almost 4 years
    Yes. With SQLite you should use something to encrypt your passwords (MD5, SHA-1...) but you have to look for a reliable one.
  • 123432198765
    123432198765 almost 4 years
    So even non sensitive information stored in an sqlite database should be secured with a password?
  • Alberto Miola
    Alberto Miola almost 4 years
    It depends on you, there is not a general rule. Passwords for sure shouldn't be in clear but the rest, it depends