I'm worried about a security vulnerability. I currently encrypt and store sensitive user info in the db. When I need to use it I decrypt it, but this decrypted value then shows in the logs.
I’m worried about my Bubble account getting hacked and then someone could see the sensitive user info in the logs.
Is there a way to remove the sensitive (decrypted) user info from the logs?
Yes, I’m encrypting the data when I save it to the database using the plugin AES 256 Encrypt & Decrypt (Plugins | Bubble). I then decrypt it when I need to use it to make an API call.
I have privacy rules set up. I believe I have it set up such that only I (the admin) can view. See attached screenshot.
This is an issue I’ve recently noticed as well. You can properly protect the data from being accessed by the end-users but any data sent through the API connector after being decrypted is viewable in the actual Bubble logs from the editor under Logs > Server Logs.
We solved @andrewmccalister’s problem by tokenizing their most sensitive data within our vault and leveraging our secure solution such that the Bubble logs never see that sensitive data. More importantly, the Bubble app can never get back that sensitive data while still keeping the app 100% operational!
Hi @xtechaus - we do this by tokenizing the sensitive data and Bubble simply stores tokens. Want to see a demo? If so, please feel free to book a demo from here: https://strac.io
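
The tokenization pattern discussed in this thread, as an added sketch that is not part of any post and not any vendor's implementation: the app stores and logs only tokens, and the real value is substituted inside the vault boundary just before the outbound API call. `TokenVault`, `App`, `forward` and the sample value are hypothetical names and data constructed for the illustration.

```python
import secrets

SAMPLE_SECRET = "000-00-0000"  # constructed sample value, not real data


class TokenVault:
    """Hypothetical in-memory stand-in for a vault service outside the app."""

    def __init__(self):
        self._store = {}

    def tokenize(self, value):
        token = "tok_" + secrets.token_hex(8)
        self._store[token] = value
        return token

    def forward(self, payload, send):
        # Tokens are swapped for real values only inside the vault boundary,
        # immediately before the outbound API call.
        real = {k: self._store.get(v, v) for k, v in payload.items()}
        return send(real)


class App:
    """Stands in for the application, whose database and logs hold only tokens."""

    def __init__(self, vault):
        self.vault, self.db, self.server_log = vault, {}, []

    def save_user(self, user_id, secret):
        self.db[user_id] = self.vault.tokenize(secret)

    def call_api(self, user_id, send):
        payload = {"user": user_id, "secret": self.db[user_id]}
        self.server_log.append(f"request {payload}")  # logs the token only
        result = self.vault.forward(payload, send)
        self.server_log.append(f"response {result}")
        return result


def demo():
    received = []

    def upstream(body):  # constructed third-party API endpoint
        received.append(body)
        return {"status": "ok"}

    app = App(TokenVault())
    app.save_user("u1", SAMPLE_SECRET)
    app.call_api("u1", upstream)
    return app, received
```

The vault exposes no detokenize call to the app, so someone with access to the app's database or server log sees only `tok_...` values.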