User data invisible for me

Hi everyone !
I need your help please.

Now, I created for myself and my friends a little tool to analyze our moods and dreams. But I don’t want to see the moods and dreams of my friends in the Bubble’s appa data.

Have you a solution please ?

Thank’s a lot !

You could encrypt data to li save to the DB. Let the user choose their own :salt:

is ‘li’ a plugin tool?

How is this done? Is it using a plugin?

It would only obfuscate the data, but op could still get the salt from each user in the db and un-salt the values. Better than doing nothing i guess.

What if the salt was entered by the user as an unlock mechanism in addition by passing the salt with their password?

Im most likely using the terms incorrectly. Sorry for any confusion. I was looking at this a while back with encryptionjs

I think the word I was looking for is key perhaps.

This library offers encryption by passing a piece of data and key. The key doesn’t need to be saved, just remembered by the end user.

The main problem is where to store the token. If its stored in state, it will go away at each refresh / new page and the user will need to write it again. If its stored on the user item, op can see the value and use it to unsalt any value.
It can get really complex really fast, especially if he chooses to include the users password into the mix.
He can make roadblocks that makes it difficult for himself to get the salt, e.g. the value can be stored with a expiration that the code checks before un-salting any data. But that is still a roadblock put there by himself that he can remove if inconvenient. Also you have logged data that might slip up etc.
There is no easy solution, security is hard :slight_smile:

1 Like

Makes sense. And you’re right! I’ve been wondering about this same type of thing. Perhaps a solution will present itself.

This topic was automatically closed after 70 days. New replies are no longer allowed.