Forum Academy Marketplace Showcase Pricing Features

Encrypted storage

Hi!

I’ve been talking to clients and it seems that encrypted data storage is one thing we need - hosting people’s personal details, social security numbers etc in an open database seems like a really stupid idea. Thus, we’d need to encrypt their data at their client with their own password and send some data to bubble servers already encrypted. How could such action be taken?

1 Like

Have you looked at the Data Privacy part of the Data Tab ? Not sure if that helps ?

Blockspring has a couple of encryption blocks, could you use them ?

We don’t have built-in support right now for client-side encryption (ie, where the encryption key is kept in the client’s browser and never sent to the server). If there’s enough interest, that’s something we could consider developing.

3 Likes

This feature is definitely worth development. It enables the option to create secure services - that’s quite a fad nowadays, I hear.
Also, in our case, this will probably be the one decisive point whether to continue with bubble or to switch to something else. If our clients ask for secure and encrypted data storage then we’ll have to make it happen one way or another… I’d really prefer to use bubble - the simplicity is just awesome :slightly_smiling:

1 Like

@josh and @emmanuel
Any news on this one?
If not then what conditions should be met for you to take this feature on?

That’s a pretty significant feature request, so if you want to talk about it please email us and we’ll take if from there.

@josh @emmanuel
What amount range are we talking to sponsor a client side encryption / decryption?

I would see it built up as a plugin.

The core implementation could be quite simple, to have separate input fields (Encrypted input fields) so that encryption/decryption is done on the fly for each change either direction. All the data would be reflected to a bubble pseudo hidden input-field, whom would store the changed data in its encrypted form, this pseudo field would have the STANDARD bubble input field implementation for dataflow (real time etc.), just be hidden.

On any server event with changed data coming back to the user from an external change, the pseudo field would notify the encrypt-field through a decrypt function. Either through an event based implementation or as a listener (onchange).

All decryption would be done via a long encryption/decryption key that could be stored on bubble in its encrypted format.

You would only need a function to generate or decrypt that key on bubble front-end and store it /retrieve it temporarily to/from localstorage. Popup with “Enter your password to display encrypted data”.

Alot of this implementation already exists in native JS / jquery.
See here for inspirations:



http://tiddlywiki.com/ (see under encryption)

What do you think? :slight_smile: