What are some do's and dont's when making canister calls from one canister to another?

I’m building an app where users make accounts using usernames and passwords. I’ve created a main canister that creates a new canister for each user that creates an account on my app. the main canister also routes returning accounts to their respective canister upon logging in.

my question is motivated by the fact that I have to hash user passwords before storing them. I’m thinking of hashing and storing the user passwords in the main canister, and then when a user logs in, I would compared the hash of their mnemonic password with the hashed password stored in the main canister. upon successful comparison, users would then be routed to their canister, using their username as the inputted argument when calling the actor class that stores their account data.

my concern is if using the username as the required argument for retrieving a user’s canister could result in a user’s canister being breached?

a malicious actor would merely have to make a canister call to the actor class I made that stores individual user data. just put the username in as an argument and call the actor class and they’ll have all the user’s data.

does the internet computer perform encryption on the messages being sent in canister calls behind the scenes that makes this sort of attack infeasible? any insight that you can give helps.
thanks in advance!

1 Like

You can just do some basic authentication on the user canister. For example, only calls from the main canister (and/or the user’s Principal) are allowed. Encryption shouldn’t be involved.

Personally, I feel like the username-password model is somewhat antiquated and not the best fit for IC apps. Public key authentication is the future.