I’d like to build an app that relies heavily on messaging and transferring content from one user to another. I would like it to be as secure as possible, from both unauthorised 3rd parties (such as hackers) and also from my own employees - does Bubble support this? I don’t think it does, because I can always go into the ‘App Data’ area and see exactly who has uploaded/sent what and to whom.
Please let me know as I need my potential clients to be 100% sure that their content and messages are secure. I would like to use Bubble as an MVP but even then, the users would have to upload their actual data to use it.
Also, is there any specific way of penetration testing? Anyone had any experience with this?
One approach you could take is the same as ProtonMail uses. The difficulty is that the server side of Bubble isn’t offering access to most cryptographic functions. A discussion with Bubble might open that up.
Alternatives …
A. using encryption in javascript, which is very tricky to get right.
B. partially using a non-Bubble server.
I’d recommend using a different backend to store data. Maybe set something up with Firebase or AWS and pull and push all account data through the APIs?
You can make it so that collaborators can’t see your live data, only your account. So if you are worried about access from “inside”.
Bear in mind that the Bubble data is encrypted anyway.
However, if you want to encrypt it again, you could do it with an External API. That way if your bubble data is compromised, you have the “key” completely separate.
