[Security] Sensitive data stored in unencrypted database #2785

Open
emikolajczak opened this issue Jan 12, 2021 · 3 comments

@emikolajczak

Description:

We have our own white-label app version based on the single-server branch. During our security tests we noticed that the Android application uses a database to store messages inside server-name-experimental.db.db, and this file is unencrypted and sensitive data can be accessed. Did you consider encrypting this database?

Environment Information:

  • Rocket.Chat Server Version: 3.6.3
  • Rocket.Chat App Version: 4.11
  • Device Name: All
  • OS Version: Android

Steps to reproduce:

  1. Embedded server-name-experimental.db.db is unencrypted

Expected behavior:

Consider encrypting this database

Actual behavior:

Embedded server-name-experimental.db.db is unencrypted

Additional context:

@diegolmello
Member

It's a work in progress on the database lib Nozbe/WatermelonDB#907

@emikolajczak
Author

Hi, thanks for the reply. Do you plan to implement encryption in the Rocket app database after it is implemented in the database engine?

@diegolmello
Member

Sure.
It's implemented by default on iOS already.
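
A check a tester could run on a database file copied from a test device to confirm the finding reported in this issue or to verify a later fix, as an added example that is not Rocket.Chat's or WatermelonDB's code. The file names and canary message are constructed, the entropy threshold is an assumption, and the random-bytes file only stands in for an encrypted database.

```python
import math
import os
import sqlite3
import tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite 3 file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_db(path: str, sample: int = 4096, threshold: float = 7.5) -> str:
    """Classify a database file by its first page (threshold is an assumption)."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(SQLITE_MAGIC):
        return "plaintext-sqlite"
    if len(head) >= 1024 and shannon_entropy(head) >= threshold:
        return "high-entropy"  # consistent with encryption, not proof of it
    return "unknown"

def canary_visible(path: str, canary: bytes) -> bool:
    """True if a known test message can be read straight from the raw file."""
    with open(path, "rb") as fh:
        return canary in fh.read()

def demo() -> dict:
    canary = b"constructed-canary-message-1234"
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "constructed-plain.db")  # constructed sample
        con = sqlite3.connect(plain)
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, msg TEXT)")
        con.execute("INSERT INTO messages (msg) VALUES (?)", (canary.decode(),))
        con.commit()
        con.close()
        opaque = os.path.join(tmp, "constructed-opaque.db")  # stand-in only
        with open(opaque, "wb") as fh:
            fh.write(os.urandom(8192))
        return {
            "plain": (classify_db(plain), canary_visible(plain, canary)),
            "opaque": (classify_db(opaque), canary_visible(opaque, canary)),
        }

if __name__ == "__main__":
    print(demo())
```

Sending a known canary message through a test account and then running `canary_visible` on the pulled file gives a regression check that does not depend on the header heuristic.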
