I enjoyed your video on storing passwords securely in Wix and the custom change password forms.
The solution utilizes an Auth collection that contains emails and hashes. Will you comment on how secure the email addresses are in the Auth collection (which can be read by all users) versus the "hidden" collection that Wix uses for members passwords and emails.
Thank you
Hi, Thanks for watching!
There are definatly additional steps that can be taken to secure the data stored.
Making the collection admin access only and handeling all of the querying in the backend using {suppressAuth: true}. Only returning the necessary data to the frontend.
Using encryption on certain fields: https://support.wix.com/en/article/cms-storing-personally-identifiable-information-pii-data
Hope that addresses your concerns! Best, Eitan