Daily occurrences of personal data leaks stresses the need for robust security measures. That’s why we created Databunker – a secure storage system designed specifically for safeguarding Personally Identifiable Information (PII), Protected Health Information (PHI), and customer records. It was built to prevent sensitive data exposure via SQL injection and unfiltered GraphQL queries. The product provides a better solution to a regular database encryption provided by Database or Cloud vendors. In addition, our product is fully GDPR compliant.
Let’s be honest about database encryption; most solutions provide only a false sense of security. Data is typically encrypted solely at the storage or disk level. If your website falls victim to SQL injection or has incorrectly filtered GraphQL queries, malicious actors can easily access your data in plain text.
Solution with Databunker
Instead of talking to Databunker using SQL, your backend will have to call an API function to retrieve specific user details. It is similar to any NoSQL database API. You can only lookup user records if you know his email address, phone number or unique user ID (UUID token).
By default, Databunker does not allow dumping all user records at once. This API call is disabled. Databunker encrypts customer records and builds a secure search index for quick user lookup (i.e. using email, token, etc…).
1. Databunker setup
The easiest way to get started with Databunker is to run it as a Docker container:
docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo
This command starts a local container with a
DEMO root access key. It can be used for testing and development. For a production installation, follow this installation guide.
Connecting to Databunker
You can interact with Databunker using:
2. Move your user records to Databunker
If you want to use Databunker in your existing project you need to move customer data to Databunker and adapt your database schema to use
usertoken (using UUID format).
Original database schema
In this example, we’ll convert the following database schema to use user records stored in Databunker.
Method 1: simple database reorganization
Using this method will require you to modify only the table of
users. You will need to remove all personal data columns from the
users table and leave it only with original
id and add
usertoken' column will point to the user record UUID generated by Databunker.
Advantages of this method
This method is suitable if you have a
userid column linked from many tables or you have a very large database. Running the “
alter table” command can take a lot of time to update your database structure.
Disadvantages of this method
One drawback here is that each user now has two identities. One
userid and another
Method 2: full database reorganization
You will have to go all over tables that have
userid and add
usertoken column instead. The
usertoken is user identity in UUID format generated by Databunker.
This method will require more changes on your database level and in your application code.
3. Some usefull Databunker commands
Create a user record
curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
-H "Content-Type: application/json" \
Fetch user records by email
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:firstname.lastname@example.org
Fetch user records by login
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john
For a full list of commands, see the API document.
4. Node.js examples
Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login
Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example
Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs