Encrypt all information going in and out of the database.
End-to-end encryption, or E2EE.
Should be, ironically, sort of easy with middleware. Information in the database really doesn't have to be encrypted though; I don't see the point in that.
So for every POST request, encrypt it on the client. This is important: data should never leave the client decrypted. Then, when receiving the data on the server, decrypt it using the authorized decryption key. After that, it should be business as usual.
Either middleware, or just a server util and a regular util that you can pass any generic data to for encryption/decryption.
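An added example (not part of the original note) of the generic encrypt/decrypt utils and the POST-decrypting middleware described above, using AES-256-GCM from Node's `crypto` module. Assumptions: both sides already hold the same 32-byte key, the envelope fields `iv`/`ct`/`tag` and the names `encryptPayload`, `decryptPayload` and `decryptBody` are hypothetical, and the middleware follows the Express `(req, res, next)` shape with the JSON body already parsed.

```javascript
const crypto = require('node:crypto');

// Shared util: encrypt any JSON-serializable value into an envelope.
function encryptPayload(data, key) {
  const iv = crypto.randomBytes(12); // fresh nonce per message, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Server util: verify the auth tag, then return the original value.
// Throws on a wrong key, a modified envelope, or malformed fields.
function decryptPayload(envelope, key) {
  const iv = Buffer.from(envelope.iv, 'base64');
  const tag = Buffer.from(envelope.tag, 'base64');
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed envelope');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(envelope.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Middleware factory: swaps req.body for the plaintext on POST requests,
// and rejects anything that fails authentication before handlers see it.
function decryptBody(key) {
  return (req, res, next) => {
    if (req.method !== 'POST') return next();
    let plain;
    try {
      plain = decryptPayload(req.body, key);
    } catch (err) {
      return res.status(400).json({ error: 'invalid encrypted body' });
    }
    req.body = plain;
    next();
  };
}

// Constructed round trip: client encrypts, middleware decrypts.
function demo() {
  const key = crypto.randomBytes(32); // assumption: key already shared by both sides
  const req = { method: 'POST', body: encryptPayload({ note: 'hello', id: 7 }, key) };
  let status = 200;
  const res = { status(c) { status = c; return this; }, json() { return this; } };
  decryptBody(key)(req, res, () => {});
  return { body: req.body, status };
}
```
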