High Level Architecture

[isyedaliraza]

What should be the high level architecture of the system?

[isyedaliraza]

[isyedaliraza]

Looking at the above diagram, we need to discuss the following points

• How the data will flow between server and application? Keeping in mind that this is sensitive data and the internet is not a safe place.
• Is this a good architecture or we should consider using Microservices?

If you have any other points feel free to discuss them as they come in your mind.

[uzair-hameedd]

Where we placed master key though which we manage password app? I suggest it will be placed in config files just like I did for for alumni db password in web.config file.

[isyedaliraza]

The master key will be the user's password and only the user has the master key to decrypt his data. Even us we can't view someone's passwords although we are the engineers of the app.

[isyedaliraza]

I feel like we should not use any server client architecture for our app. Let me explain it to you, if we kept the data on a server still its someone's data living on someone else's machine. So what I propose is that we don't use client server architecture for our App. Now the question arises if we don't use the client server architecture then what do we use? The answer to this question is that we go server less which means that we write the user passwords and data on a text file and then encrypt the file and keep it on user's device. And when we need to read the passwords we decrypt the file and we read the data. In this way the data will be secured and it will live on user's own device. We should also give user the option to upload his encrypted password file to a cloud storage service e.g. dropbox, google drive etc.

Feel free to ask if you have any questions or something better to share.

[isyedaliraza]

I think that having a client server architecture will cause no harm and the above point is not satisfactory to reject the use of client server architecture. Because we can store the encrypted file with user passwords on our servers which will be secure as well. I am only concerned about the security of user's data.

[isyedaliraza]

The only advantage of having the client server architecture is that we will write our business logic once in the APIs and then we can reuse the APIs in different platforms e.g. if in future we wanted to have a web version of our application then we can simply use the same backend logic and link it to the web frontend.

[isyedaliraza]

I think that the mentioned architecture #2 (comment) seems ok and we should go for it

[isyedaliraza]

@Waqas-Muhammad