Getting Started with Databunker

Databunker intro

Personal data leaks in 2021 happen every day. Databunker was built to address two problems behind them: data leaks through SQL injection, and the false sense of security that storage-level database encryption gives for personal and sensitive records. In addition, our solution is fully GDPR compliant.

Let’s take a look at how data leaks happen. Some require a sophisticated attack that gains shell access to the servers and from there to the database. Others happen over the web through SQL injection vulnerabilities in the web application. The outcome of a successful SQL injection attack is the same: your customer records are dumped in cleartext and personal data is leaked.

Regarding database encryption, let’s face the truth: most solutions provide a false sense of security. Data is encrypted at the storage or disk level only, so the database decrypts it transparently for every query it serves. If your website has an SQL injection vulnerability, the bad actor gets your data in cleartext.

Solution with Databunker

Instead of talking to Databunker using SQL, your backend calls an API function to retrieve the details of a specific user, much like the API of a NoSQL database. Databunker has no API to enumerate all users. It encrypts customer records and builds a secure search index for quick user lookup (for example by email or token).

Saving your records in Databunker implements pseudonymization, which the GDPR defines as a valid way to store customer data.

Pseudonymized identity

1. Databunker setup

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo

This command starts a local container with a DEMO root access key; use it for development or testing only. For a production installation, follow the installation guide.

Connecting to Databunker

You can interact with Databunker using:

2. Move your user records to Databunker

If you want to use Databunker in an existing project, you need to move your customer data into Databunker.

Original database schema

Let’s take the following schema as a source and convert it to use Databunker.

Original schema

Use a simple method.

Remove all personal data columns from the users table, leaving only the original userid/id column, and add a usertoken column. The usertoken column points to the user record UUID generated by Databunker.

Simple method

This method is a good fit if the userid column is referenced from many tables or your database is very big, because running an “alter table” command over all that data can take a lot of time.

One drawback is that each user now has two identities: the userid and the usertoken.

Full database reorganization.

You will have to go over every table that has a userid column and add a usertoken column, update usertoken to point to the user record UUID generated by Databunker, and then remove the userid column.

Full reorganization

This approach requires more work, both at the database level and in your application code.

3. Some useful Databunker commands

Create a user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'

Fetch user record by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com

Fetch user record by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Other commands:

For a full list of commands, follow the API document.
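As an added, end-to-end example (not part of the original guide and not Databunker’s own code), the following Python script carries out the “simple method” from section 2 against a constructed SQLite source database, using the same /v1/user calls as the curl commands in section 3: every user’s personal columns are posted to Databunker, the returned UUID is stored in a new usertoken column, and the personal columns are dropped. It assumes that POST /v1/user answers with JSON containing "status":"ok" and a "token" field holding the record UUID, that a record can be read back with GET /v1/user/token/<uuid>, and that the source database is SQLite; the sample users and orders rows are constructed. The two functions accept a client callable so the migration logic can be exercised without a running container.

```python
"""Move personal-data columns from a SQL users table into Databunker (the
"simple method"): keep the original id, add usertoken, drop first/last/
login/phone/email. Added example; response shape and the token lookup
mode are assumptions, sample rows are constructed."""
import json
import sqlite3
import urllib.request
from typing import Callable

BUNKER_URL = "http://localhost:3000"
BUNKER_TOKEN = "DEMO"  # root access key of the demo container
PERSONAL_COLUMNS = ("first", "last", "login", "phone", "email")


def bunker_create_user(record: dict, url: str = BUNKER_URL, token: str = BUNKER_TOKEN) -> str:
    """Same call as the curl example (POST /v1/user); returns the record UUID."""
    req = urllib.request.Request(
        f"{url}/v1/user",
        data=json.dumps(record).encode(),
        headers={"X-Bunker-Token": token, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    if body.get("status") != "ok" or "token" not in body:  # assumed response shape
        raise RuntimeError(f"Databunker rejected the record: {body}")
    return body["token"]


def bunker_get_user(mode: str, value: str, url: str = BUNKER_URL, token: str = BUNKER_TOKEN) -> dict:
    """GET /v1/user/<mode>/<value>: 'email' or 'login' as in the curl examples,
    or 'token' (assumed) to look a record up by its UUID."""
    req = urllib.request.Request(f"{url}/v1/user/{mode}/{value}", headers={"X-Bunker-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def build_sample_db() -> sqlite3.Connection:
    """Constructed source schema: users with personal columns, plus an orders
    table that references users.id (the userid link mentioned in section 2)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT, login TEXT,
                            phone TEXT, email TEXT, created TEXT);
        INSERT INTO users VALUES (1, 'John', 'Doe', 'john', '4444', 'user@gmail.com', '2021-01-01');
        INSERT INTO users VALUES (2, 'Jane', 'Roe', 'jane', NULL, 'jane@example.com', '2021-02-02');
        CREATE TABLE orders (id INTEGER PRIMARY KEY, userid INTEGER REFERENCES users(id), total REAL);
        INSERT INTO orders VALUES (10, 1, 9.99);
    """)
    return conn


def migrate_users(conn: sqlite3.Connection,
                  create_user: Callable[[dict], str] = bunker_create_user) -> int:
    """Send each row's personal columns to Databunker and rebuild users as
    (non-personal columns..., usertoken). A staging table replaces ALTER TABLE
    DROP COLUMN so this runs on any SQLite version. Returns rows migrated."""
    cur = conn.cursor()
    # Column names come from PRAGMA (trusted schema metadata), not from user input.
    info = cur.execute("PRAGMA table_info(users)").fetchall()  # cid, name, type, notnull, dflt, pk
    all_cols = [row[1] for row in info]
    keep = [(row[1], row[2], row[5]) for row in info if row[1] not in PERSONAL_COLUMNS]
    keep_names = [name for name, _, _ in keep]
    defs = [f"{name} {ctype}{' PRIMARY KEY' if pk else ''}" for name, ctype, pk in keep]
    rows = cur.execute(f"SELECT {', '.join(all_cols)} FROM users").fetchall()
    cur.execute(f"CREATE TABLE users_new ({', '.join(defs)}, usertoken TEXT NOT NULL UNIQUE)")
    placeholders = ", ".join("?" for _ in range(len(keep_names) + 1))
    migrated = 0
    for row in rows:
        rec = dict(zip(all_cols, row))
        # Only non-null personal fields are sent; Databunker encrypts and indexes them.
        personal = {k: rec[k] for k in PERSONAL_COLUMNS if k in rec and rec[k] is not None}
        usertoken = create_user(personal)
        cur.execute(
            f"INSERT INTO users_new ({', '.join(keep_names)}, usertoken) VALUES ({placeholders})",
            [rec[k] for k in keep_names] + [usertoken],
        )
        migrated += 1
    cur.execute("DROP TABLE users")
    cur.execute("ALTER TABLE users_new RENAME TO users")
    conn.commit()
    return migrated


def lookup_customer(conn: sqlite3.Connection, order_id: int,
                    get_user: Callable[[str, str], dict] = bunker_get_user) -> dict:
    """After migration the SQL side only resolves orders.userid -> users.usertoken;
    the personal record comes from Databunker by token and is never joined in SQL."""
    row = conn.execute(
        "SELECT u.usertoken FROM orders o JOIN users u ON u.id = o.userid WHERE o.id = ?",
        (order_id,),
    ).fetchone()
    if row is None:
        raise KeyError(f"no order {order_id}")
    return get_user("token", row[0])


if __name__ == "__main__":
    # Runs against the demo container started with the docker command in section 1.
    db = build_sample_db()
    print("migrated rows:", migrate_users(db))
    print("customer for order 10:", lookup_customer(db, 10))
```

After the migration the users table holds only id, created and usertoken; an SQL injection against the application database can at most expose opaque UUIDs, while a read of the personal record still has to go through Databunker with a valid X-Bunker-Token. The two-identity drawback from section 2 is visible in lookup_customer: the code keeps joining on userid and then switches to usertoken for the Databunker call.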

4. Node.js examples

  1. Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login

  2. Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example

  3. Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs

Node.js modules

  1. @databunker/store from https://github.com/securitybunker/databunker-store

  2. @databunker/session-store from https://github.com/securitybunker/databunker-session-store

5. Support / Contact

Slack Channel