There is a project that uses NodeJS and MongoDB. The data needs to be secured as much as possible. How can this be done, or done better?
There may be several problems:

  1. The server has been hacked: how can copying the database be prevented without an additional key or the like?
  2. The database has been stolen: how can it be stored in encrypted form so that an attacker cannot use it?

    1 answer

    No: having gained full access to the server, the attacker will most likely also find the encryption algorithm or the keys that you use to retrieve data from the encrypted storage.

    And who said that the database has to be exfiltrated over SSH or some other protocol with vulnerabilities? It can just as easily be pulled out through a vulnerability that lets an attacker execute code in your application.

    Data security can be compromised anywhere; if you protect only one side of your lock, the other is sure to be broken.

    1. Do you have a reliable data center?
    2. Are you sure that nobody will steal a hard disk with the data?
    3. Are you sure of the security of your application, which has direct access to the data?
    4. Could there be other applications that have vulnerabilities? First of all, is your own computer, which has access to the server, protected from viruses?

    The basic rule is that the server with the database should be located separately from other applications, and access to it should be allowed only from the internal network. In the application itself, you need to check that the user has no way to execute code of his own on the database, and that the server on which the application runs is protected from external attacks, at least from attacks that allow uncontrolled remote execution of code as root.

    Of course, you can deploy your database in an encrypted container, encrypt everything with 50 keys, and put in a system that will track suspicious requests and logins, but what will be the cost of owning all this? Is this data worth the expense you will incur each month?

    It may be better to adhere to the basic rules, forget the paranoia that your data can always be stolen, and think twice about decisions that entail extra costs.