šŸ•µļø Storing sensitive data: how safe is it?

Hello fellow Bubblers :wave:

A friend and I are working on a project where we will be storing a bunch of personal data from our users.
That could include birth date, ID card, social security number, administrative documents, logins to other web services and more.
We are based in Europe.

We love :sparkling_heart: Bubble but are wondering if it is a good fit from a security standpoint.
And if so, what measures we should take to protect this info.

So, is Bubble okay for storing sensitive info? :thinking:

I’m also using this post to sum up what I’ve read here and there on the forum, for other Bubblers to use.

We know that:

  • HTTPS / SSL encryption is available on paid plans, to secure the info between the user’s browser and the database
  • The database is encrypted at rest, on AWS RDS, which has “state-of-the-art security”. In addition, users’ passwords for our Bubble apps are stored separately, salted and encrypted, by Bubble (this is why you don’t see them in your database, only the user’s email)
  • Privacy roles is the layer to take care of to secure the data
  • Bubble is not yet PCI Compliant. (But we’re not storing credit card information. We’ll probably use Stripe)
  • Bubble is not yet HIPAA Compliant. (But we’re not storing medical information)
  • Bubble is on its way to become GDPR compliant, which also impacts their relation to their sub-processors. Also see Data Processing Agreement

Interesting threads on the subject:
Thanks to them! :raised_hands:

Specific questions:

  • I read and agree that “storing passwords in plain text is bad practice” and that we could use some “salting and hashing”. How do we achieve that? And why not apply that to all the data?
  • If storing personal data in Bubble is an overall bad idea, how should we proceed? Using a third party (which? how?)? Using another platform than Bubble? Eating a taco :taco: and relaxing?
  • Could one build a password manager (such as KeePass, LastPass and co) on Bubble? If not, why not?
  • Is there a way for us not to see the data stored in our database (meaning only the user can access it and if they lose their ‘key’, then it’s lost)? I’m thinking something like this. But since Bubble employees can see the data, I guess not.

Other security thoughts for Bubblers:

  • Have workflows to re-direct unauthenticated users
  • Use a strong admin password and encourage your users to use strong passwords and store them properly
  • Have the data backed up
  • Keep your Bubble app up-to-date (updates)
  • Every action is logged (see your Logs) which enables audit if needed
  • Look into Bubble’s uptime guarantee (in case that’s a concern)
  • Have a contingency plan in case your team dies during your basejump team-building week-end. Just as Bubble do

:bulb: Idea:
I would suggest Bubble to provide us with a page with a list of these security features and a text we could use in our apps to provide security info to our users.
Heads up to @emmanuel & @josh :star_struck:

Thanks if you read it to here! Any comments and thoughts more than welcome!

14 Likes

Hi Luc,

I’m also interested in learning more about adding additional security around sensitive data. Your points made in “What we Know” mirror what I’ve also read and heard. However, I would still like to harden my security around certain sensitive fields such as Names, SIN, as an example. Three tools that I’ve seen that may be able to help are:

1) Encoder / Decoder Plugin by Zeroqode - This plugin provides various encoding types such as AES, H5265 JWT, HMAC-SHA256, to name the most secure. I’ve had this plugin installed for half a year, but just started using it to encrypt my sensitive data with the plugin’s AES algorithm. However, I don’t think the plugin actually works. I’m not able to see any ciphertext output to save to my database. There isn’t a demo with the plugin nor any documentation. I’ve also reached out to @levon’s team for assistance, just waiting to hear back.

2) Hash & HMAC Encryptor Plugin for Bubble - another plugin recently created by Zeroqode. Seems to be similar to the aforementioned plug, but a larger list of SHA-1 hash algorithms. I tried the demo, can’t get it to work as it’s in read-only mode and won’t allow me to enter inputs and run one of the algorithms on it.

3) Built in Bubble :formatted as HMAC SHA256 algorithm. Please see the screenshot below. Bubble limits you to HMAC SHA256 and HMAC SHA1 as algorithms. They also note that it’s safer to API your text input that you want ciphered vs keeping it in a regular workflow, as a regular workflow can be compromised by an attacker, thus your secret key exposed.

  1. Having Bubble create a “secured text” field type, which will provide strong crypto on a string of text (i.e. AES) with a shared key. I’ve requested this with the Dev team.

What are other bubblers doing? Is there a way to add that one additional level of security to your strings just in case our database gets compromised? What’s the best solution / best practices? We don’t want to end up like Equifax where everything is in the clear.

Thank you -
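
An added example, not part of either post above and not Bubble or plugin code: it puts the salted hashing asked about in the first post next to the AES field encryption discussed in this one, using Node.js's built-in `crypto` module. The function names and the dot-separated record format are hypothetical, and the key is assumed to come from a passphrase only the user knows.

```javascript
// Added illustration (Node.js built-in crypto); all names here are hypothetical.
const crypto = require('node:crypto');

// Passwords: store a random salt plus a slow one-way hash. Nothing stored can be
// turned back into the input, which is why hashing cannot protect data you must read.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

function verifyPassword(password, stored) {
  const hash = crypto.scryptSync(password, Buffer.from(stored.salt, 'hex'), 32);
  return crypto.timingSafeEqual(hash, Buffer.from(stored.hash, 'hex'));
}

// Readable data: encrypt with a key derived from the user's passphrase.
// The database holds salt, iv, auth tag and ciphertext, never the key.
function encryptField(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const key = crypto.scryptSync(passphrase, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

// Returns the plaintext, or null when the passphrase is wrong or the record was altered.
function decryptField(record, passphrase) {
  const [salt, iv, tag, ct] = record.split('.').map((s) => Buffer.from(s, 'base64'));
  const key = crypto.scryptSync(passphrase, salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM authentication failed
  }
}
```

With this layout a lost passphrase means the field cannot be recovered by anyone, including whoever operates the database.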

Hi Gilles,

Thanks for joining the conversation and mentioning these interesting options :slightly_smiling_face:

I have encountered some of them but haven’t tested yet since I’m not sure if it’s necessary / what’s the use case, and how to use it.

To my understanding, the question comes down to:

1. What kind of data can we store in Bubble as is and where should we draw the line?
2. If one wants to add an extra layer of security (in which cases?), what’s the best procedure?

1 Like

Update: conversation is continuing there: Josh: Request for a Security Q&A Guide