Get Started with Databunker

Databunker intro

Databunker was created to address two long-standing database problems, at least for personal and sensitive records: data leaks through SQL injection, and database encryption that gives a false sense of security.

Even today, in 2021, we hear about personal data leaks every day.

Some leaks require a sophisticated attack that gains shell access to the servers. Others happen over the web, through SQL injection in the web application: one injectable query is enough for an attacker to dump the customer table and leak the personal data in it.

Regarding database encryption, let's face it: most solutions provide a false sense of security. Data is encrypted at the storage or disk level (encryption at rest), and the database decrypts it transparently for every query the application runs. If your website has an SQL injection flaw, the attacker's query is just another application query, so the data comes back in cleartext.

Instead of talking to Databunker in SQL, your backend calls an API function to retrieve one specific user's details, much like the API of a NoSQL database. Databunker has no API to enumerate all users, so an attacker who can issue single requests still cannot dump the whole user base. Databunker encrypts customer records and builds a secure search index so a user can still be looked up quickly by email, token, login, etc.

Storing personal records in Databunker and keeping only the generated token in your own database is pseudonymization, which GDPR names as a valid safeguard for storing customer data. Keep in mind that pseudonymized data is still personal data under GDPR, because the token can be linked back to the person: pseudonymization limits the damage of a leak of your main database, it does not remove your obligations.

[Image: Pseudonymized identity]

01 Databunker setup

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo

This command starts a local container whose root access key is the literal string DEMO (sent as the X-Bunker-Token header in the examples below). Use it for development or testing only: anyone who can reach port 3000 has full access to every record. For a production installation, follow the installation guide.

Connecting to Databunker

You can interact with Databunker using its REST API (the curl examples below talk to it directly) or, from a Node.js application, the @databunker modules listed at the end of this page.

02 Move your user records to Databunker

Original database schema

Let's take the following schema as a source and convert it to use Databunker.

[Image: Original schema]

Simple strategy

Remove all personal data columns from the users table, leave it with only the original userid/id, and add a usertoken column. The usertoken column holds the user record UUID that Databunker generates when the record is created there.

[Image: Simple conversion]

This strategy is a good fit if many tables link to the userid column or the database is very big: rewriting every referencing table with "alter table" can take a long time on a lot of data.

One drawback is that each user now has two identities: the userid and the usertoken.

Full database reorganization

Go over every table that has a userid column and add a usertoken column. Fill usertoken with the user record UUID generated by Databunker, repoint your application code to it, and only then drop the userid column.

[Image: Full reorganization]

This solution requires more work, both at the database level and in your application code, but leaves each user with a single identity.
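The simple strategy as a runnable migration, plus the first step of the full reorganization. This is an added example, not Databunker project code: it wraps the POST /v1/user call shown with curl further down this page in a small REST client, adds a constructed in-memory FakeBunker so the script runs offline, and builds a constructed SQLite sample of the original schema. The response shapes (a "token" field on create, the record under "data" on lookup) and the GET /v1/user/token/<uuid> endpoint are assumptions; check them against the API document.

```python
"""Added example, not Databunker project code: move personal data out of a users table
into Databunker with the "simple strategy" above, then step one of the full reorganization.
Assumed, not shown on the page: POST /v1/user answers {"status":"ok","token":"<uuid>"} and
GET /v1/user/token/<uuid> returns the record under "data". FakeBunker and rows are constructed."""
import json
import sqlite3
import urllib.request
import uuid

BUNKER_URL = "http://localhost:3000"   # demo container started on this page
BUNKER_TOKEN = "DEMO"                  # demo root key; never use in production
PII_COLUMNS = ("first", "last", "login", "phone", "email")  # must leave the DB


class DatabunkerClient:
    """Minimal REST client for the two calls the migration needs."""
    def __init__(self, url=BUNKER_URL, token=BUNKER_TOKEN):
        self.url, self.token = url, token

    def _call(self, method, path, payload=None):
        data = None if payload is None else json.dumps(payload).encode()
        hdrs = {"X-Bunker-Token": self.token, "Content-Type": "application/json"}
        req = urllib.request.Request(self.url + path, data=data, method=method, headers=hdrs)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def create_user(self, record: dict) -> str:
        body = self._call("POST", "/v1/user", record)
        if body.get("status") != "ok" or "token" not in body:
            raise RuntimeError(f"Databunker rejected record: {body}")
        return body["token"]           # the UUID you store as usertoken

    def get_user(self, usertoken: str) -> dict:
        body = self._call("GET", f"/v1/user/token/{usertoken}")
        return body.get("data", body)  # assumed response shape, see docstring


class FakeBunker:
    """Constructed stand-in with the same two methods, for offline runs and tests."""
    def __init__(self):
        self.records = {}

    def create_user(self, record):
        token = str(uuid.uuid4())
        self.records[token] = dict(record)
        return token

    def get_user(self, usertoken):
        return self.records[usertoken]


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample of the original schema: PII lives inside users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT,
            login TEXT, phone TEXT, email TEXT, created_at TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, userid INTEGER, total REAL);
        INSERT INTO users VALUES (1,'John','Doe','john','4444','user@gmail.com','2021-01-01');
        INSERT INTO users VALUES (2,'Jane','Roe','jane','5555','jane@example.com','2021-01-02');
        INSERT INTO orders VALUES (10,1,9.99),(11,2,19.99);
    """)
    return conn


def migrate_simple(conn, bunker) -> dict:
    """Simple strategy: keep users.id, add usertoken, drop PII. Returns {id: token}.
    Tables referencing userid (orders) stay untouched, which is the point of it."""
    conn.execute("ALTER TABLE users ADD COLUMN usertoken TEXT")
    mapping = {}
    for uid, *pii in conn.execute(f"SELECT id, {', '.join(PII_COLUMNS)} FROM users").fetchall():
        token = bunker.create_user(dict(zip(PII_COLUMNS, pii)))
        conn.execute("UPDATE users SET usertoken = ? WHERE id = ?", (token, uid))
        mapping[uid] = token
    # Rebuild without the PII columns; works on SQLite builds that lack DROP COLUMN.
    conn.executescript("""
        CREATE TABLE users_new (id INTEGER PRIMARY KEY, created_at TEXT,
            usertoken TEXT NOT NULL UNIQUE);
        INSERT INTO users_new SELECT id, created_at, usertoken FROM users;
        DROP TABLE users;
        ALTER TABLE users_new RENAME TO users;
    """)
    return mapping


def propagate_token(conn, table: str) -> None:
    """Full reorganization, step one: copy usertoken into a table that has userid.
    `table` is a schema constant, never user input; dropping userid is a rebuild as above."""
    conn.execute(f"ALTER TABLE {table} ADD COLUMN usertoken TEXT")
    conn.execute(f"UPDATE {table} SET usertoken = "
                 f"(SELECT usertoken FROM users WHERE users.id = {table}.userid)")
    conn.commit()


def order_owner_email(conn, bunker, order_id: int) -> str:
    """Application-side join: orders.userid -> users.usertoken -> Databunker lookup."""
    (token,) = conn.execute("SELECT u.usertoken FROM orders o JOIN users u "
                            "ON u.id = o.userid WHERE o.id = ?", (order_id,)).fetchone()
    return bunker.get_user(token)["email"]
```

Run it as `bunker = FakeBunker(); conn = build_sample_db(); migrate_simple(conn, bunker)`; against the live demo container swap FakeBunker() for DatabunkerClient(). Note the ordering: the record is written to Databunker and the returned token stored before the PII columns are dropped, and the mapping should be kept until the migration is verified, because Databunker has no enumeration API to rebuild it from.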

03 Some useful Databunker commands

Create a user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'

Fetch user record by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com

Fetch user record by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

For other commands and the full list of endpoints, see the API document.

04 Node.js examples

  1. Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login

  2. Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example

  3. Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs

Node.js modules

  1. @databunker/store from https://github.com/securitybunker/databunker-store

  2. @databunker/session-store from https://github.com/securitybunker/databunker-session-store

Support / Contact

Slack Channel