Hi everybody! I’m planning on creating a website that uses a database to remember people’s passwords, but I was wondering if the keys in ReplitDB are open for anybody to see or if they are exploitable easily. If ReplitDB isn’t secure, can somebody please tell me another easy to use database that will somewhat protect these keys?
Thank you.
1 Like
I think it has a secure URL under the format https://kv.replit.com/v0/<code>, where <code> is a long string of numbers that is impossbily hard to guess. The only way someone would be able to access the database is if you give them the URL.
And, since you said it’s a website, it will be even more secure, since then people can’t access the console and modify the database.
TL;DR: It’s pretty much secure.
4 Likes
Where would you find this code?
1 Like
It is in the environmental variable $REPLIT_DB_URL. You yourself don’t need to know this code to use the dtabase however.
No, it is not secure at all. If you need to store any data that you don’t want people getting their hands on you need to encrypt/hash it.
3 Likes
@InvisibleOne Wait this is completely different than what @element1010 said and I’m very confused. How can somebody obtain the keys?
1 Like
Apparently the mods don’t like people telling other people how. But people can access values in your database so don’t consider them secure, hash/encrypt any values that you don’t want other people knowing
2 Likes
If you have values you don’t want other people knowing, then they should be in secrets…
2 Likes
You shouldn’t be using Secrets to store passwords. It’s better to hash them and then store them in ReplitDB. That way, even if somebody gains access to the database they still don’t know the passwords.
2 Likes
I didn’t read the original post, so I didn’t know they were storing passwords 
1 Like
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.