Encrypt database

Is there a way to include NPM functions in AWS Lambda, or do you have to do it locally and upload a .zip?

I haven’t really this encrypting/decrypting with all of my data fields. You can use API gateway with Bubble’s API Connector or you can build a plugin for it.

Lambda does have a code editor
https://docs.aws.amazon.com/lambda/latest/dg/code-editor.html

or you can use https://www.npmjs.com/package/node-lambda (I haven’t tried using this)

1 Like

Non modules need to be packaged locally and uploaded to lambda

1 Like

Thank you. That is what I had feared. I tried Stackery.io to simplify but I got very lost.

From reading around the subject, what I am trying to do (and several other nocoders too) is not at all aligned to how Lambda and Firebase processes work for coders :slight_smile:

I basically want to type the code into an online editor, run it a couple of times, and bingo. Rather than test it all locally and finally deploy it all at once via github.

Webtask was perfect for this. Server side functions should be the answer but just aren’t.

All I really want to do is wrap an NPM module in an API and have it cloud hosted.

The search continues!

Sure. The “longer” answer is that you can build “layers” in Lambda that can be re-used. A layer is a zip file with packages that you upload so that you can use it in more than one function. There are also community layers with the most common npm modules so that you don’t have to package the modules yourself.

Another solution I have tested for a bit is https://pipedream.com. I think that might be an ideal combination of developer/no-coder platform as workflows can be made by drag-n-drop, but you still have the option to mess with the code if you want to. I don’t know if it works with all npm modules though.

2 Likes

For anyone who is interested, Bubble have finally added a feature to remove the “Run as”.

(8/25) For collaborators on your app, there’s a new permission level for accessing the data of your app that lets the collaborator see the data, but not use “Run as”. @zoe

3 Likes

Thanks for auto following your issue :slight_smile:

@mangooly, did you ever work out a solution to this issue? I have the same challenge. My users don’t want me to be able to “peek” at their data.

Hi @tom10

As mentioned in my earlier post, you can remove the ‘Run as’ option for collaborators, so that they can look at the database but not use the ‘Run as’ feature or both.

Regards

1 Like

Thanks @mangooly. I’m new to this. So it isn’t obvious to me that this resolves the issue of someone like me being able to see the live data in backend of the database when I’m inside the app editor, which I don’t want to be able to do. I assume from your answer that this resolves that issue.

This only applies to collaborators of your app. App owners have full administrator rights to ‘Run as’ feature.

1 Like

@mangooly Got it. My app helps people to write–novels but also journal entries. I was hoping to wall even myself as the administrator of the app off from the live database because people might not be comfortable with me being able to see what they write. So I don’t think this resolves that issue. Still, thanks for your response. I greatly appreciate it.

2 Likes

Hi @tom10,

I recommend you speak with Bubble as they might be able to find a way or build a feature to also keep you the app owner from accessing your user data.

Regards

1 Like

Thanks, @mangooly. Much appreciated.

Hi @tom10,

I’ve found a way to prevent app owners from looking at their users’ data, as you put it (wall even myself as the administrator of the app). This means an app owner cannot look at their users’ data using the ‘Run as’ Bubble feature.

I basically generate a random encrypted code in the URL every time a user logs in and after login I check to see if that code is valid. You have to pass that code parameter in the URL to the page once you login. If it’s valid I show user data to the current logged in user, if it’s not valid (as in the case with the ‘Run as’ option) I don’t show the data to the user. When you use the ‘Run as’ feature it doesn’t generate the code or pass it on to the logged in page in the URL. The codes are generated using the user unique ID and a 45 character random key located in another location (not Bubble).

Of course doing all this wouldn’t be valid if your user data is not encrypted as app owners still have access to the database which is good, because in fact, I still want to have access to my database as there is other data that doesn’t need to be encrypted or is not user related.

Hope this helps you Tom, as it was also important for me as an app owner to not have access to user data. It’s also I think very important in today’s society to convey this to your users, that their data is private.

Regards

3 Likes
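One way the login-code check described in the post above could look if it ran in a small service outside Bubble (an added example, not the poster's implementation). The HMAC construction, the one-minute lifetime, the function names and the sample key and user ID are all assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const MAX_AGE_MS = 60 * 1000; // assumed policy: accept a code for one minute

// HMAC over the fields the code is bound to; the key never leaves the server.
function tagFor(key, userId, issuedAt, nonce) {
  return nodeCrypto.createHmac("sha256", key)
    .update(JSON.stringify([userId, issuedAt, nonce]))
    .digest("base64url");
}

// Called by the login workflow; the result goes into the URL parameter.
function issueLoginCode(key, userId, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString("base64url");
  return `${now}.${nonce}.${tagFor(key, userId, now, nonce)}`;
}

// Called before user data is shown. A session that was opened without
// logging in carries no code in the URL and fails the first check.
function verifyLoginCode(key, userId, code, now = Date.now()) {
  const parts = String(code || "").split(".");
  if (parts.length !== 3) return false;
  const [issuedAtText, nonce, tag] = parts;
  const issuedAt = Number(issuedAtText);
  if (!Number.isSafeInteger(issuedAt)) return false;
  if (now < issuedAt || now - issuedAt > MAX_AGE_MS) return false;
  const expected = Buffer.from(tagFor(key, userId, issuedAt, nonce));
  const given = Buffer.from(tag);
  // Constant-time comparison so the tag cannot be guessed byte by byte.
  return given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
}

// Constructed sample values, for illustration only.
const SAMPLE_KEY = "constructed-sample-key-0123456789-abcdefghijk"; // 45 chars
const SAMPLE_USER = "1600000000000x100000000000000001";
const sampleCode = issueLoginCode(SAMPLE_KEY, SAMPLE_USER);
console.log("with code:", verifyLoginCode(SAMPLE_KEY, SAMPLE_USER, sampleCode));
console.log("no code:", verifyLoginCode(SAMPLE_KEY, SAMPLE_USER, undefined));
```

The check is only meaningful where the key is held, because anyone who can read the key can issue codes. A code carried in a URL can be replayed until it expires, which is why the lifetime is kept short.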

This doesn’t seem to work at all, as soon as the data is decrypted in the page, you can just run an action to syphon it all into the database unencrypted. You still have access.

Hi @vini_brito,

There are two parts to this. I’ll try to prepare a video or something to explain it.

This part is only explaining how to show user data or not show it, preventing the app owner from loading the data using ‘Run as’.

The actual data is encrypted and decrypted using a different process.

EDIT: @vini_brito I would actually love to try this out with you to see if you are capable of seeing user data…

1 Like

Hahah alright, well, private message me some way to test it and I can see if there’s indeed a way to scoop the data
Specifically, editor access, I’d need to be able to install a plugin and run a workflow in the page.
Can be a new app with the mechanism(s) to be tested, no need to be the sensitive app (:
Like a clone of the app without real database content and any other real key.

1 Like

Hi @vini_brito and @tom10,

I wasn’t able to prepare a new app for you to play around with. It was a nightmare, everything broke. APIs don’t work because I wasn’t on the right plan (I’m not prepared to pay more just for a demo). Plugins failed too because I have to buy them again. I didn’t want to give you full access to the app for obvious reasons, so I prepared a demo. Hope it’s useful for anyone trying to build more private Web apps. @vini_brito please remember this demo is only to grant users access to their data and deny access to App owners.

If you want your users’ data to be private you have to do 3 things,
1/ Encrypt user data and keep secret keys in a different location in case your Bubble app gets compromised.
2/ Remove ‘Run as’ permission from any collaborators. They can still access your data but it will just be random cyphered text.
3/ Design your app to bypass the ‘Run as’ feature for App owners (Demo included).

Regards

EDIT: I know there are other Encryption plugins, but the Zeoqode plugin is the only one that allows you to keep the key in any place and any way, via an API or even multiple dynamic keys. Whereas the other plugins only allow you to specify one static secret key and it’s always located in the Plugin settings.

4 Likes
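A sketch of step 1 from the post above, field encryption with the key held outside the app database (an added example, not the plugin's or the poster's code). It assumes a 32-byte master key kept in a separate service such as a Lambda environment variable, and it derives a per-user AES-256-GCM key with HKDF; the function names and sample values are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Derive a per-user key from the master key, so the stored ciphertext of
// one user cannot be opened with another user's derived key.
function userKey(masterKey, userId) {
  const okm = nodeCrypto.hkdfSync(
    "sha256", masterKey, Buffer.alloc(0), `field-key:${userId}`, 32);
  return Buffer.from(okm);
}

// Returns base64(iv || tag || ciphertext); this is what the database stores.
function encryptField(masterKey, userId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every field value
  const cipher = nodeCrypto.createCipheriv(
    "aes-256-gcm", userKey(masterKey, userId), iv);
  cipher.setAAD(Buffer.from(userId)); // bind the ciphertext to its owner
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

// Throws if the value was modified or belongs to a different user.
function decryptField(masterKey, userId, stored) {
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 28) throw new Error("ciphertext too short");
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", userKey(masterKey, userId), raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(userId));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([
    decipher.update(raw.subarray(28)),
    decipher.final(), // authentication failure surfaces here
  ]).toString("utf8");
}

// Constructed sample values, for illustration only.
const SAMPLE_MASTER = Buffer.alloc(32, 7); // real keys come from a secret store
const SAMPLE_USER = "1600000000000x100000000000000001";
const storedValue = encryptField(SAMPLE_MASTER, SAMPLE_USER, "journal entry");
console.log("stored in database:", storedValue);
console.log("decrypted:", decryptField(SAMPLE_MASTER, SAMPLE_USER, storedValue));
```

Anyone browsing the database sees only the base64 value; the plaintext exists only where `decryptField` runs with the master key.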

Yeah, sure, no problem, I totally get it! I expect that in a few weeks I’ll have finished some things and will be able to make a dive into the scenario (:
Anyway, whenever I do, I’ll let you know!

2 Likes