I opened this thread cause i'm having hard time deciding on some issues i have with my project. The issues are:
- Encrypting source code files(not obfuscation, need encryption that can be ran).
- Encrypting documents stored in mongodb, mainly username and passwords.
- Mongodb login - is it possible to demand a username & password to open connection to the server?
- Little bit of info: My project is to be installed on customer servers, so it's very important that the code will not be viewable and hopefully uncrackable(minimum security).
1 - For the first item, i found JXCORE and it seems promising, but i was unsuccessful at finding proof or reviews of users who used it in production. Anyone can recommend other methods? or if anyone can review the option i listed i'll appriciate it.
2 - For encryption i want to use AES256 and i found the library crypto-js to be able to answer the requirements. Unfortunately, it doesn't provide assistance with node.js(none that i could find).
For example when i run this code, i want to see both the encrypted and the decrypted items:
var AES = require("crypto-js/aes");
var temp = AES.encrypt("Message", "secret password").ciphertext.toString();
console.log(temp);
console.log(AES.decrypt(temp, "secret password"));
Only the encrypted ciphertext is presented, not sure how to access the decrypted text.
On a side note, does anyone recommend using SHA3 combined with AES256?
What is the recommended approach for securing username&password mongodb DB?
If you got a documentation link or useful tutorial for crypto-js in node.js please link in the comments. My JS skills aren't pro so it might be in there and i fail to see it, so apologizes if this was a noob thread.
Thanks.
