Yo everyone, I am fairly new to MongoDB & loving it so far, however I do need some advice on how to achieve something so I can go full force with using this DB.
So TL;DR - I am working on a TCG, & each card has a private & public key. I need to generate the public key server side using SHA1.
So the public key is stored in the DB & is public to all, but the public key is generated using the private key, this helps protect ownership. But what I am looking to do is modify the MongoDB search query process where a search is, instead of being performed on
db.test.find( { "key": "private_key" } )
on the server side of things, it’d perform
db.test.find( { "key": SHA1("private_key"+"hash") } )
this way the hash is only known to the server & there is one added layer of security for the user in terms of protecting their card ownership. Of course you see the issue of calculating this public key locally, because this adds no obfuscation, if the server is just expecting a public key, any user can look up any card on the publicly available card db & spoof any card they desire.
Of course, if a user gets access to a private key they don't own, be it through nefarious means, or borrowing a friend's key, or past ownership, it's possible for them to spoof, but I have extra security measures in place that are probably beyond the scope of this thread.
What advice do you have for me? As it stands, based on my experience I'd do some convoluted process in which I'd host a server, send the request to the server, have the server do the encryption, & then do the query & then send it back to the user, but MongoDB seems powerful enough to have some workaround for this.
Thanks for your time!
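The lookup described in the post, done in application code in front of the database, as an added example that is not part of the original post. It assumes Node.js, treats the post's "hash" value as a server-only secret string, and uses a constructed in-memory array in place of the `test` collection; `derivePublicKey`, `buildCardFilter`, `findCard` and `CARD_KEY_SECRET` are hypothetical names.

```javascript
// Added example: server-side derivation of the stored "public key".
const crypto = require('node:crypto');

// Assumption: the server-only value the post calls "hash", loaded from config.
const SERVER_SECRET = process.env.CARD_KEY_SECRET || 'constructed-demo-secret';

// SHA1(private_key + hash), as written in the post, hex-encoded.
function derivePublicKey(privateKey, secret = SERVER_SECRET) {
  // Accept strings only: a JSON body such as {"$ne": null} would otherwise
  // be coerced to text here or, without hashing, act as a query operator.
  if (typeof privateKey !== 'string' || privateKey.length === 0) {
    throw new TypeError('private key must be a non-empty string');
  }
  return crypto
    .createHash('sha1')
    .update(privateKey + secret, 'utf8')
    .digest('hex');
}

// The filter the server would pass to find(); the client never builds it.
function buildCardFilter(privateKey, secret = SERVER_SECRET) {
  return { key: derivePublicKey(privateKey, secret) };
}

// Constructed sample documents standing in for the "test" collection.
const cards = [
  { name: 'Constructed Card A', key: derivePublicKey('alice-private-key') },
  { name: 'Constructed Card B', key: derivePublicKey('bob-private-key') },
];

// Equality match on "key", the same match the find() filter expresses.
function findCard(privateKey) {
  const filter = buildCardFilter(privateKey);
  return cards.find((doc) => doc.key === filter.key) || null;
}

console.log(findCard('alice-private-key'));   // matches Constructed Card A
console.log(findCard(cards[0].key));          // null: the public key alone fails
```

Because the request value is always hashed with the server-held secret before the comparison, submitting a public key copied from the card DB produces a different digest and matches nothing.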