Nigel! I was hoping you would chime in
I see, so really the current “securest” way to integrate 3rd party services for multiple users via their API keys is to use OAuth2. Store the temporary token in plain text. Refresh it as they need it.
Assuming a bad actor obtains short-lived access to my application
Zeus forbid, if someone gained unauthorized control of my Bubble application, then they could commandeer OAuth2 tokens saved in plain text. But, because the tokens need to be refreshed and are scoped to my application, a bad actor could at most use them only from my service. So they would have to not only have access, but for long enough to write custom code which would have to execute on my app in production. As a result, they would have to push an update, which would at least leave a trace. Assuming the breach is detected quickly and I still have access to my application, then I change my passwords / editor access permissions PLUS roll back the update. At this point, the breach has hopefully been fully contained. Wait a minute, that’s not true. Couldn’t someone potentially write malicious logic on the development version of my application, then copy over OAuth2 tokens from the live database to development and execute their logic against those tokens? All without pushing anything into production?
Anyway, in general, if a bad actor locks me out of my Bubble application, then I’m assuming I need to immediately notify Bubble of the breach for my application to be turned off / restarted from a pre-breach save point? What does the process look like (does Bubble do anything to confirm it’s really me asking for a reset instead of a bad actor)?
Assuming a bad actor pushes an update that has done malicious things for a few hours or days
Correct me if I am wrong… but the damage is done? If they took actions with OAuth2 tokens on my hypothetical customer’s Plaid, Coinbase, (insert other financial service) account, then that’s irreversible? Best I can do is remove the malicious workflows (plugins, whatever it may be)?
Standing back a bit
Am I crazy for asking these questions? Because I’m under the impression that these are table stakes considerations for building any SaaS… not just one on Bubble. When it comes to security, it’s not a question of “If a breach” will happen but “when a breach happens” and I want to be confident that my app is built in a way and I have a protocol in place to limit those liabilities. … Please no one tell me that security should be an afterthought one day when maybe my application has lots of users.