Created January 23, 2020 15:16
A JavaScript snippet showing that clients not using client-side field-level encryption may still be able to accidentally insert plaintext data.
```javascript
// Insert another document through the plainDB object, in plain text.
// Remember that the previous inserts went through the csfleDB object
// (a connection configured with field-level encryption options).
plainDB.getCollection("patients").insert({
  "_id": 3,
  "medRecNum": 3,
  "firstName": "Jason",
  "lastName": "Doe",
  "ssn": "333-33-3333",
  "mobile": "333-333-3333",
  "comment": "Jason Doe SSN/Phone should have been encrypted, but the app/dev forgot to do so."
});

plainDB.getCollection("patients").findOne({"_id": 3});

// The ssn and mobile fields are stored in plain text: this connection has no
// encryption options, and nothing on the server rejected the unencrypted write.
/*
{
  "_id": 3,
  "medRecNum": 3,
  "firstName": "Jason",
  "lastName": "Doe",
  "ssn": "333-33-3333",
  "mobile": "333-333-3333",
  "comment": "Jason Doe SSN/Phone should have been encrypted, but the app/dev forgot to do so."
}
*/
```
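A defender's counterpart to the insert above, as an added example that is not part of the original gist: an audit that flags `ssn`/`mobile` values that are not BinData subtype 6 (the type field-level encryption writes), and a builder for a `collMod` validator that makes the server reject such writes. It assumes MongoDB 4.2+ (server-side `encrypt` keyword in `$jsonSchema`) and documents exported as Extended JSON; the function names and sample documents are constructed for illustration.

```javascript
// Fields the patients collection is meant to keep encrypted (taken from the gist).
const SENSITIVE_FIELDS = ["ssn", "mobile"];

// True when an Extended JSON v2 value is BinData subtype 6, the BSON type that
// client-side field-level encryption stores for ciphertext.
function isEncryptedValue(value) {
  const bin = value && typeof value === "object" ? value.$binary : undefined;
  return Boolean(bin) && typeof bin.subType === "string" && parseInt(bin.subType, 16) === 6;
}

// Detection: sensitive fields of one document that are present but not ciphertext.
function findPlaintextFields(doc, fields = SENSITIVE_FIELDS) {
  return fields.filter((f) => f in doc && !isEncryptedValue(doc[f]));
}

// Run the check over a batch of documents and keep only the offenders.
function auditCollection(docs) {
  return docs
    .map((d) => ({ _id: d._id, plaintext: findPlaintextFields(d) }))
    .filter((r) => r.plaintext.length > 0);
}

// Prevention: command document for db.runCommand(). With the `encrypt` keyword in
// the validator, a write carrying a plain string in these fields fails validation,
// whichever client sent it. Fields that are absent are still allowed.
function buildEncryptValidator(collection, fields = SENSITIVE_FIELDS) {
  const properties = {};
  for (const f of fields) properties[f] = { encrypt: { bsonType: "string" } };
  return {
    collMod: collection,
    validator: { $jsonSchema: { bsonType: "object", properties } },
    validationAction: "error",
  };
}

// Constructed sample data: _id 1 carries placeholder ciphertext, _id 3 mirrors
// the plain-text document inserted by the gist.
const SAMPLE_DOCS = [
  { _id: 1, firstName: "Alice",
    ssn: { $binary: { base64: "AAAA", subType: "06" } },
    mobile: { $binary: { base64: "AAAA", subType: "06" } } },
  { _id: 3, firstName: "Jason", ssn: "333-33-3333", mobile: "333-333-3333" },
];

console.log(JSON.stringify(auditCollection(SAMPLE_DOCS)));
console.log(JSON.stringify(buildEncryptValidator("patients"), null, 2));
```

Existing plain-text documents are not rewritten by `collMod`; the audit finds them so they can be re-inserted through the encrypting client.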