Getting Started with Databunker

Databunker intro

Personal data leaks in 2021 happen every day, and Databunker was built to address exactly this problem: preventing exposure of sensitive records through SQL injection and unfiltered GraphQL queries. It offers an alternative to database encryption that protects data only at rest, and it is designed to help you meet GDPR requirements for personal and sensitive records.

Consider how data leaks happen. Some require a sophisticated attack that gains shell access to the servers and then to the database. Others happen over the web through SQL injection vulnerabilities in the application itself. In a successful SQL injection attack, the attacker extracts the personal data of all your users from the database in cleartext.

Regarding database encryption, let's face the truth: most solutions provide a false sense of security, because the data is encrypted only at the storage or disk level (encryption at rest).

Encryption at rest is transparent to the application that reads the database, so if your website has an SQL injection vulnerability, the attacker still gets your data in cleartext.

Solution with Databunker

Instead of talking to Databunker with SQL, your backend calls an API function to retrieve the details of one specific user, much like the API of a NoSQL document store. You can only look up a user record if you already know the user's email address, phone number, login or unique token id.

By default, Databunker does not allow user records to be enumerated; the API call that lists records is disabled. Databunker encrypts customer records and builds a secure search index for quick lookup by email, token and similar keys.

Storing your sensitive records in Databunker implements pseudonymization, which GDPR (Article 4(5)) defines as processing personal data so that it can no longer be attributed to a specific person without additional information that is kept separately: your application database keeps only the token, and Databunker keeps the identifying data.

Pseudonymized identity

1. Databunker setup

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo

This command starts a local container with the DEMO root access key. Use it for development or testing only; for a production installation, follow the installation guide.

Connecting to Databunker

You can interact with Databunker using its REST API (shown with curl in section 3 below) or the Node.js modules listed in section 4.

2. Move your user records to Databunker

If you want to use Databunker in an existing project, you need to move the customer data into Databunker and adapt your database schema to use a usertoken column.

Original database schema

Let’s take the following database schema as a source and convert it to use Databunker.

Original schema

Method 1: simple database reorganization

This method requires you to modify only the users table: remove all personal data columns, keep the original userid/id column, and add a usertoken column. The usertoken column holds the UUID of the user record generated by Databunker.

Simple method

Advantages of this method

This method is a good fit if the userid column is referenced from many tables or the database is very large, since running ALTER TABLE on every referencing table can take a long time.

Disadvantages of this method

The drawback is that each user now has two identities, the internal userid and the Databunker usertoken, and your application has to keep the two consistent.

Method 2: full database reorganization

Go over every table that has a userid column and replace it with a usertoken column. The usertoken is the user identity in UUID format generated by Databunker.

Full reorganization

This method requires more work both at the database level and in your application code, but leaves you with a single user identity.
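The backend pattern from the "Solution with Databunker" section and Method 1 above, worked through end to end in Python. This is an added example, not Databunker's own code or SDK. It assumes that the REST calls shown in section 3 (POST /v1/user with the X-Bunker-Token header, GET /v1/user/email/<email>) answer with JSON of the shape {"status": "ok", "token": "<uuid>", "data": {...}}; check that against the API document before relying on it. The FakeDatabunkerTransport, the sample users/orders tables and the sqlite3-based migration are constructed for the example so that it runs without a server; pass DatabunkerClient() with its default transport to run the same code against the Docker container from step 1.

```python
import json
import sqlite3
import urllib.request
import uuid
from urllib.parse import quote, unquote

PII_COLUMNS = ("first", "last", "login", "phone", "email")


def http_transport(method, url, headers, body=None):
    # Real transport: one HTTP round trip -> (status code, parsed JSON body).
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.request.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


class DatabunkerClient:
    """The two calls this page uses; the reply shape {"status", "token", "data"} is an assumption."""
    def __init__(self, base_url="http://localhost:3000", access_token="DEMO", transport=http_transport):
        self.base_url = base_url.rstrip("/")
        self.headers = {"X-Bunker-Token": access_token, "Content-Type": "application/json"}
        self.transport = transport

    def create_user(self, profile):
        status, reply = self.transport("POST", f"{self.base_url}/v1/user", self.headers, json.dumps(profile).encode())
        if status != 200 or reply.get("status") != "ok":
            raise RuntimeError(f"create_user failed: HTTP {status} {reply}")
        return reply["token"]

    def get_user(self, mode, key):
        """mode is token, email, login or phone; returns the reply dict, or None when nothing matches."""
        status, reply = self.transport("GET", f"{self.base_url}/v1/user/{mode}/{quote(key, safe='@')}", self.headers)
        return reply if status == 200 and reply.get("status") == "ok" else None


class FakeDatabunkerTransport:
    """Constructed in-memory stand-in for the REST API so the script runs offline; like the real default configuration it exposes no call that enumerates records."""
    def __init__(self):
        self.records, self.index, self.count = {}, {"email": {}, "login": {}, "phone": {}}, 0

    def __call__(self, method, url, headers, body=None):
        parts = url.split("/", 3)[3].split("/")  # ['v1', 'user'] or ['v1', 'user', mode, key]
        if method == "POST" and parts == ["v1", "user"]:
            profile, self.count = json.loads(body), self.count + 1
            token = str(uuid.UUID(int=self.count))  # deterministic UUID, fine for a demo
            self.records[token] = profile
            for field in self.index:
                self.index[field][profile[field]] = token
            return 200, {"status": "ok", "token": token}
        if method == "GET" and len(parts) == 4 and parts[:2] == ["v1", "user"]:
            mode, key = parts[2], unquote(parts[3])
            token = key if mode == "token" else self.index.get(mode, {}).get(key)
            if token in self.records:
                return 200, {"status": "ok", "token": token, "data": self.records[token]}
        return 404, {"status": "error", "message": "no such record or call"}


def migrate_users_table(conn, client):
    """Method 1: push each user's PII into Databunker, keep only userid + usertoken, rebuild users without PII columns. One transaction, so a failed call leaves the old table intact."""
    conn.execute("BEGIN")
    try:
        conn.execute("CREATE TABLE users_new (userid INTEGER PRIMARY KEY, usertoken TEXT NOT NULL UNIQUE)")
        mapping = {}
        for userid, *pii in conn.execute(f"SELECT userid, {', '.join(PII_COLUMNS)} FROM users").fetchall():
            mapping[userid] = client.create_user(dict(zip(PII_COLUMNS, pii)))
            conn.execute("INSERT INTO users_new VALUES (?, ?)", (userid, mapping[userid]))
        conn.execute("DROP TABLE users")
        conn.execute("ALTER TABLE users_new RENAME TO users")
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return mapping


def leaky_user_lookup(conn, user_supplied):
    """Deliberately vulnerable string-built query: shows what one injection payload yields."""
    return [tuple(row) for row in conn.execute(f"SELECT * FROM users WHERE userid = {user_supplied}")]


def orders_for_email(conn, client, email):
    """Post-migration lookup: the database cannot resolve an e-mail by itself, so Databunker first maps it to the token stored in users.usertoken."""
    record = client.get_user("email", email)
    if record is None:
        return []
    sql = "SELECT o.orderid, o.total_cents FROM orders o JOIN users u ON u.userid = o.userid WHERE u.usertoken = ? ORDER BY o.orderid"
    return [tuple(row) for row in conn.execute(sql, (record["token"],))]


def run_demo(client=None):
    # Constructed sample schema (users + orders); returns what an injection payload and a legitimate lookup see.
    client = client or DatabunkerClient(transport=FakeDatabunkerTransport())
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; the migration manages its own transaction
    conn.executescript("""
        CREATE TABLE users (userid INTEGER PRIMARY KEY, first TEXT, last TEXT, login TEXT, phone TEXT, email TEXT);
        CREATE TABLE orders (orderid INTEGER PRIMARY KEY, userid INTEGER REFERENCES users(userid), total_cents INTEGER);
        INSERT INTO users VALUES (1, 'John', 'Doe', 'john', '4444', 'user@gmail.com'), (2, 'Jane', 'Roe', 'jane', '5555', 'jane@example.com');
        INSERT INTO orders VALUES (10, 1, 1999), (11, 1, 500), (12, 2, 4200);""")
    payload = "1 OR 1=1"  # classic injection: turns a single-row lookup into a full table dump
    leaked_before = leaky_user_lookup(conn, payload)
    mapping = migrate_users_table(conn, client)
    return {"mapping": mapping, "leaked_before": leaked_before,
            "leaked_after": leaky_user_lookup(conn, payload),  # same payload, now only opaque tokens
            "orders_john": orders_for_email(conn, client, "user@gmail.com")}
```

Before the migration, the injection payload dumps every user's name, phone and email; after it, the same query against the same vulnerable code returns nothing but userid/usertoken pairs, which is the whole point of the design. Two practical notes: the create_user calls are the only place PII crosses the wire, and if the migration aborts after some users have been created in Databunker, a naive re-run would create duplicate records, so a production script should look each user up by email first and reuse the existing token.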

3. Some useful Databunker commands

Create a user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'

Fetch user record by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com

Fetch user record by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Other commands

For the full list of commands, see the API document.

4. Node.js examples

  1. Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login

  2. Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example

  3. Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs

Node.js modules

  1. @databunker/store from https://github.com/securitybunker/databunker-store

  2. @databunker/session-store from https://github.com/securitybunker/databunker-session-store

5. Support / Contact

Slack Channel