Encrypting data for DB. Is there any sense?

As far as I heard, Bubble DB is encrypted by default.

However, I am working on the “Notes” feature and want to add additional layers of security.

There are a lot of notes, and I want to encrypt every note with a Caesar cipher. I created a custom JS plugin. Encryption is done as an Action, using the default static Caesar key value to shift each symbol in the ASCII table. Encryption seems to be secure because it is server-side.

For Caesar decryption, I have to use the plugin element and put it on the page. Therefore, anyone who has access to this element via “Inspect”, can export the HTML of the page and access the element’s code and find the Caesar key value.

And I am concerned about decrypting process with this approach. I don’t have any ideas how to decrypt without an element on the page, I can’t use Action for decryption.

I don’t want to force my users to save Caesar key-value somewhere to use it every time they want to see the note.

Any ideas?

I have encypted bubble data using an external node.js function (running on webtask.io) which had the salt in that module.

So even if you had the key your would need the salt which was not available in Bubble.

Not sure if this helps. The idea is to split out something from Bubble that is entirely separete.

1 Like