I'm a bit lost when it comes to database security, and I'm hoping someone can simplify this for me. We're a small team working on a unique app that functions like a quiz, keeping track of scores over time to help monitor bipolar symptoms. I handle the visuals while my teammate does most of the coding. Right now, we have a simple web database set up for testing, but we're worried about how to manage user data once our app is live.
The app keeps results locally on the user's device, which raises concerns about data loss if a device is lost or if the app is deleted. We aim to facilitate long-term data tracking for users, similar to games that allow you to restore progress. How do we do this securely? Do we need extra infrastructure for our data storage, and what are the best practices we should follow? Any guidance or resources would be greatly appreciated!
5 Answers
You'll want to set up a cloud database where you can keep the data indefinitely. Something like Firebase or Azure SQL could work well. Your app needs to communicate with this backend to store and retrieve data. It's important to make sure you research the best practices for handling sensitive data!
It sounds like you're working on something important! If you're in the US, you'll need to consider HIPAA compliance since it involves sensitive health data. It'll likely require you to use a specialized service from major cloud providers like AWS or Azure. For basic setups, simple encryption before uploading is crucial. This means encrypting data on the client side and then storing it in the cloud. Check out how password managers handle this for a good reference!
Sticking with a web database for now is probably best! Just remember, security is key—make sure to sanitize user data and validate everything on your server. You’ll also want to familiarize yourself with authentication mechanisms. Always encrypt passwords with something like bcrypt and consider using token-based authentication to manage user sessions safely. Keeping user info secure can get complex, but it's essential!
For your app, you have two paths: use a web database that requires ongoing online access, or switch to using local storage on the device like SQLite. If you choose local storage, consider asking users for a passphrase to encrypt the data, allowing them to restore it later if needed. Just be cautious about managing those passphrases; forgetting them can lead to frustrated users!
If you want to keep things private and local, think about leveraging the user's personal cloud account (like iCloud). This way, app data stays on the cloud as a folder, syncs easily, and remains available across devices—just be careful not to have users delete it! You can also opt for SQLite for local storage if that fits your needs better.
Absolutely! Breaking things down into simple steps is key. Also, it's wise to keep an eye on how you manage user sessions and data.