Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialJenny Swift
21,999 Pointsprivacy policy for my web application
Hi, I’ve made a web application and currently the only people using it are me, my brother and a close friend. I’m hoping to get more people using it soon but I’m concerned about their privacy because I can see the data they enter in my database.
Is this normal/acceptable or should I be encrypting every column in my database or something? (I imagine this would be overkill and make coding more difficult.)
Do I need a privacy policy? If I don’t have one am I at risk of getting sued? If the answer to that is ‘yes,’ what would my privacy policy need to contain to eliminate that risk, please?
1 Answer
Ricky Catron
13,023 PointsI think it depends on the data they are entering. If you can see their password FIX THAT NOW. Use a hashing library to hash the password then when they enter it, hash what they enter and compare it against the result in the database.
For personal data I would recommend encrypting that simply for liabilities sake. I do not know the business side of this but I hope no one has tons of my unencrypted data stored somewhere. If you are worried then there is a reason and you need to address it.
Encrypt the data or hash it, depending on its use. Let your users know what data you are saving via some kind of privacy policy. Filter input and escape output in all database interactions in order to prevent data from being stolen(this includes info from the database, #1 don't trust user data, #2 don't trust anything that was user data). Make sure all library's are up to date and secure by industry stands (aka if using PHP use PDO or MySQLi instead of MySQL).
Goodluck! --Ricky
Jenny Swift
21,999 PointsJenny Swift
21,999 PointsThanks! :)