Encrypt database

Thanks for the response @Jici. And do you know How I actually do this? I have no development experience.

Thank you

I suggest you to have a look at this first: https://bubble.io/plugin/encodedecodeencryptdecrypt-1514075690144x615543585510522900

Well… hate to be the one to pop the balloon, but please take a look at this before deciding to go that way:

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/

Not exactly the same case.
I believe that the initial request here is to avoid backend user to be able to read data from the App Data tab. I think this can be achieved this way. The real security is handled by Bubble.

BUT… I’m thinking that… Bubble have a feature: Log in as user… So if the backend user click on it… he will be able to view data in the frontend using this way anyway…

You can split your encryption key between Bubble and some other nanoservice. I use Webtask but they no longer accept new users.

1 Like

Its no problem for the backend user to see his own user information in the front ui, as long as he’s logged in with his credentials.

I’m basically trying to put user privacy content as one, if not the most important features of the app. This means no one except users who sign up can see their own data. I or any other employee building the app should not be able to see any private user data held in the app, whether its in the database or anywhere else.

This is the statement on the app that I am trying to achieve:

Securing Your Data at Rest
Within our systems, all your data is stored using AES-256 encryption.

Our strict internal procedures prevents any employee or administrator from gaining access to your account or data as it is encrypted.

Can I achieve this in bubble, storing all data using AES-256 encryption?

Thank you

1 Like

So… Encrypt externally and store on bubble or store on some other database.

2 Likes

Thanks NigelG.
Any direction, tutorial, documentation on how I can do that, store it encrypted on another database? How can I retrieve it to display it on the UI for each user that logs in. I have no idea where to start. Do I choose amazon or google or something else for my database how do I set it up as an encrypted database. I pretty much need help with everything.

Thanks

Following. This will be great if bubble database has this option not just for the password but also other fields

5 Likes

The field would be an API call to the decryption service, rather than the field itself.

The decryption service would hold the key.

You could use this as the basis.

1 Like

Although it seems a little complex, thanks @NigelG . I’m not a developer so I will try my best.

I also saw this,

I don’t know if I can do anything with it. Does this do the same thing? Anyone tried it?

The issue with that (and it is a much simpler solution) is that you will have the encryption key in your Bubble app.

If you are OK with that, then go for it.

1 Like

I understand from your message that the encryption key should be somewhere else for better security, right?

If you are just trying to stop someone casually seeing the data, then that would be fine.

In that case you don’t even need to encrypt it that much.

But if you are trying to protect the data from someone who has data view access - then they can simply decrypt as the key will be in the plugins.

1 Like

@NigelG Maybe I’m wrong, but that wouldn’t happen if you running a server-side plugin.

No, that is true. But it still needs a little bit of code.

It’s just about how secure you want it.

I want to make sure no one who has access to the database can view the data. I also want to make sure the data is safe in case someone were to hack the website and get access to the database. Yes I guess I want it very secure as it will hold very personal user information.

Does anyone know how to do this for a non coder? Sorry, I don’t have a technical background and I have no idea about setting up server side or client side plugins. Is there a simple tutorial?

Is there anyone out there who is prepared to teach me step by step how to do this, with an example, so that I can then do the same when I need to do it again. I know there are already some freelances to do this kind of thing, but are there any freelances that do the job and teach you at the same time? This could be good for a business haha… personal tuition…

Thanks

1 Like

Hello again! There’s no way you can implement what you want within Bubble.

I can look at this tomorrow for you, it should be fairly simple but then I always say that :laughing:

That would be great @NigelG! I am curious to understand how you do this.