i've read many questions here in SO about Flutter/Firebase encryption and one the most straight forward answers i saw here is:
Is the Firebase sign in method signInWithEmailAndPassword(email, password); use in flutter sends the password hashed?
my question is:
should i need to encrypt the password field of the user's document in cloud firestore users collections?!
passwords are stored in my collections like this:
what should i do to prevent the staff members from seeing our users passwords in plain text like above?!
if i used the encrypt package from pub.dev..i can encypt the entered password in the input field by the user with encryption type "AES"..and then pass the encypted text to the cloud firestore users collection....what if a staff member has access to users firestore collection and saw this encrypted password string ?!
if both of the above questions are logically wrong...should i omit the password field completely from the cloud firestore users collection?!
DO NOT SAVE ANY PLAINTEXT ABOUT PASSWORD. You should NEVER save password without encrypt. For you, for your user.
1.4m articles
1.4m replys
5 comments
57.0k users