No, that is true. But it still needs a little bit of code.
It’s just about how secure you want it.
I want to make sure no one who has access to the database can view the data. I also want to make sure the data is safe in case someone were to hack the website and get access to the database. Yes I guess I want it very secure as it will hold very personal user information.
Does anyone know how to do this for a non coder? Sorry, I don’t have a technical background and I have no idea about setting up server side or client side plugins. Is there a simple tutorial?
Is there anyone out there who is prepared to teach me step by step how to do this, with an example, so that I can then do the same when I need to do it again? I know there are already some freelancers to do this kind of thing, but are there any freelancers that do the job and teach you at the same time? This could be good for a business haha… personal tuition…
Thanks
Hello again! There’s no way you can implement what you want within Bubble.
I can look at this tomorrow for you, it should be fairly simple but then I always say that.
That would be great @NigelG! I am curious to understand how you do this.
Sorry @vini_brito for not seeing your message. Do you know what is the easiest way to set this up outside bubble? Using Firebase, AWS, Digital Ocean, Caspio, etc… I basically want to encrypt the data before sending it to the database and then decrypt it when I retrieve it.
It’s tricky, not something trivial. For example, this app (completely unrelated to Bubble!) does it: https://standardnotes.org/help/3/how-does-standard-notes-secure-my-notes
I don’t have the expertise to pull that. I think you’d need a different set of tools to build that.
There may be a way to do all this securely. Back in March, we had the following discussion: Base64-encoded HMAC-SHA256 signature?
I have not tested this out, but this may be an answer for you and anyone else.
Step one: Set up a Server Side Script to call encryption
Step two: Set up a password vault to securely store your secret password outside Bubble
Try the above out. We’ll get @vini_brito and @NigelG to weigh in with their thoughts.
Don’t forget what I said earlier. Even if you find a way to encrypt data outside of Bubble (or even in Bubble DB)… you will have a security issue with the “log in as…” function. You will need to think about another security layer to know if the user comes from Backend or is a “real” authenticated user…
Also,
I’m not sure that you will be able to prevent data from appearing in the Bubble logs…
I knocked this up in a SS plugin …
```javascript
function(properties, context) {
  console.log('Starting up');
  // Create a key
  const key = 'real secret keys should be long and random';
  // Create an encryptor:
  const encryptor = require('simple-encryptor')(key);
  return context.async( async function(cb) {
    // Normal Code Here
    // console.log('Running convert');
    encryptor.encrypt('testing', function(error, output, response) {
      if (error) console.log( 'Error: ', error );
      // console.log( 'ok ' + output );
      cb(null);
    });
  });
}
```
It parses, but fails to run. Will port it back into a local node instance to see why it doesn’t work. But I suspect it is an issue with passing the callback. I can never work out how to do that in Bubble properly.
Will try a webtask to check it works, and then we can look at fixing it in bubble first.
I think that the logs would only see the encrypted values (as only the front end runs the encrypt/decrypt) but I guess it depends on if the plugin inputs get shown in the log …
Right, here is a webtask URL that does what is needed. You really don’t want to pass every single bit of text externally !! But it can be used to prove a point.
https://wt-nigel_godfrey-gmail_com-0.sandbox.auth0-extend.com/encrypt?input=secret
https://wt-nigel_godfrey-gmail_com-0.sandbox.auth0-extend.com/decrypt?input=bd7a1d49f4dcca856f3dec44fecf7486a65e2ac1f9a8ace4b02552049b23a6bd3d16954a9a18e5fea0d7481e16f7684dS1VKn2P7dJHO4FM4CCVgPQ==
Here is the code. …
```javascript
// Specify a string key:
var key = 'real secret keys should be long and random';
// Create an encryptor:
var encryptor = require('simple-encryptor')(key);
module.exports = function(context, cb) {
  cb(null, encryptor.encrypt(context.query.input));
}
```
I have no idea why webtask takes a couple of minutes to get working, and bubble’s server side plugin editor is such a torturous route it is really really simple.
The issue here is that, as soon as the decrypted information hits the browser, the Bubble page can send it back unencrypted to someone with edit access to the app, thus violating the “not even WE can see your data!” thing.
If someone with edit access wants, they can just run a “phone home” code at the page with the information they collected and no one will ever even know this is going on.
The other problem is that somehow you’ll have to handle both keys of the encryption, and with that you have the power to decrypt stuff.
It’s tricky to reach THAT level of privacy through encryption.
NINJA EDIT: You can tell the user to do his own manual encryption offline, but then the user would be better off with other more “underground” or p2p apps or just using facebook chat to transport his manually encrypted texts.
This is a long term project and Webtask doesn’t take any more clients. I’m just wondering if the easiest option is to save all data in AWS except for login data (saved at Bubble). Have some service at AWS that encrypts and decrypts (Lambda) the data using an API connected to Bubble?
I have no idea how to do this but it feels like the best long-term professional option, an option I would be ready to pay for if necessary. If someone can help me with any freelancing and has any interest in taking on this project, please contact me.
Thanks
Yes, and you would not want to do it externally either.
But what you can build in webtask you can build in a Server Side plugin - except that Bubble make it really difficult.
That was just intended to be a proof of concept.
I have this set up working with a Lambda function. I can check it out on Monday if you are willing to wait. I haven’t used it a lot but I think it works fine.
Yes of course. But please be patient with me, I am a non developer. I really need to understand how to set this up from start to finish for dummies.
Thanks
Hi @boostsalesgroup , were you able to look into this?
Thanks
Hey! I have this script working as an AWS Lambda function.
You need to create an AWS API Gateway endpoint and send your parameters there.
```javascript
const crypto = require('crypto')

// Note: crypto.createCipher/createDecipher are deprecated (removed in Node.js 22).
// They derive the key and IV from the password without a salt or random IV,
// so the same text always encrypts to the same output.
function encrypt(text, password) {
  const cipher = crypto.createCipher('aes256', password)
  let encrypted = cipher.update(text, 'utf8', 'hex')
  encrypted += cipher.final('hex')
  console.log("Encrypted key: " + encrypted)
  return encrypted
}

function decrypt(text, password) {
  const decipher = crypto.createDecipher('aes256', password)
  let decrypted = decipher.update(text, 'hex', 'utf8')
  decrypted += decipher.final('utf8')
  // The decrypted value is not logged: Lambda console output goes to CloudWatch Logs.
  return decrypted
}

exports.handler = async (event) => {
  const password = "123456789" // placeholder encryption password
  const authValue = event["headers"]["Authorization"]
  if (authValue !== "1234567890") { // placeholder access key
    // Reject unauthenticated calls instead of returning 200 with empty results
    return {
      statusCode: 401,
      body: JSON.stringify({ error: "Authentication failed! Access key missing" })
    }
  }
  const action = event['queryStringParameters']['action']
  const text1 = event['queryStringParameters']['text1']
  const text2 = event['queryStringParameters']['text2']
  const text3 = event['queryStringParameters']['text3']
  // The password and the input text are not logged here.
  // action=1 encrypts, any other value decrypts (query string values are strings, hence ==)
  const transform = action == 1 ? encrypt : decrypt
  const res1 = transform(text1, password)
  const res2 = transform(text2, password)
  const res3 = transform(text3, password)
  // Response keys kept as in the original; text1 now carries the result in both modes
  return {
    statusCode: 200,
    body: JSON.stringify({ text1: res1, res2: res2, res3: res3 })
  }
}
```
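A hardened variant of the encrypt/decrypt helpers in the post above, as an added example that is not part of the original post: AES-256-GCM through `crypto.createCipheriv` with a fresh 12-byte nonce per value and an authentication tag, so equal inputs give different ciphertexts and modified ciphertext is rejected. The names `encryptField` and `decryptField`, the `ENC_KEY_B64` environment variable and the `iv.tag.ciphertext` token layout are assumptions made for this example.

```javascript
const crypto = require('crypto')

// Assumption: the 32-byte key arrives base64-encoded in an environment variable
// (hypothetical name ENC_KEY_B64), for example filled in from a secrets manager.
// When it is absent, a constructed throwaway key is generated so the block runs
// stand-alone; data encrypted with it cannot be read after the process exits.
const KEY = process.env.ENC_KEY_B64
  ? Buffer.from(process.env.ENC_KEY_B64, 'base64')
  : crypto.randomBytes(32)

// Encrypt one field. Output is "iv.tag.ciphertext", each part base64.
function encryptField(plaintext, key = KEY) {
  const iv = crypto.randomBytes(12) // never reuse a nonce with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv)
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])
  const tag = cipher.getAuthTag() // 16-byte integrity tag
  return [iv, tag, ct].map((b) => b.toString('base64')).join('.')
}

// Decrypt one field. Throws on a malformed token, a wrong key,
// or any modification of the nonce, tag or ciphertext.
function decryptField(token, key = KEY) {
  const parts = String(token).split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64'))
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed token')
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)
  decipher.setAuthTag(tag)
  // final() verifies the tag and throws if verification fails
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8')
}
```

Values produced by the earlier `createCipher` code use a different format and would have to be decrypted with that code and re-encrypted.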
Is there a way to include NPM functions in AWS Lambda, or do you have to do it locally and upload a .zip?