Databunker intro
Daily occurrences of personal data leaks stress the need for robust security measures. That’s why we created Databunker – a secure storage system designed specifically for safeguarding Personally Identifiable Information (PII), Protected Health Information (PHI), and customer records. It was built to prevent sensitive data exposure via SQL injection and unfiltered GraphQL queries. The product is a better alternative to the regular database encryption provided by database or cloud vendors. In addition, our product is fully GDPR compliant.
Let’s be honest about database encryption: most solutions provide only a false sense of security. Data is typically encrypted solely at the storage or disk level. If your website falls victim to SQL injection or has incorrectly filtered GraphQL queries, malicious actors can easily read your data in plain text, because the database decrypts it transparently for every query.
Solution with Databunker
Instead of talking to Databunker using SQL, your backend has to call an API function to retrieve specific user details, similar to any NoSQL database API. You can only look up a user record if you know the user's email address, phone number or unique user ID (UUID token).
By default, Databunker does not allow dumping all user records at once; this API call is disabled. Databunker encrypts customer records and builds a secure search index for quick user lookup (i.e. by email, token, etc.).
1. Databunker setup
The easiest way to get started with Databunker is to run it as a Docker container:
docker run -p 3000:3000 -d --rm --name dbunker securitybunker/databunker demo
This command starts a local container with a DEMO root access key. It can be used for testing and development. For a production installation, follow this installation guide.
Connecting to Databunker
You can interact with Databunker using:
- Web Console listening on port 3000: localhost:3000
- REST API listening on port 3000: localhost:3000
2. Move your user records to Databunker
If you want to use Databunker in your existing project, you need to move customer data to Databunker and adapt your database schema to use usertoken (in UUID format).
Original database schema
In this example, we’ll convert the following database schema to use user records stored in Databunker.
Method 1: simple database reorganization
Using this method, you only have to modify the users table. Remove all personal data columns from the users table, leave only the original userid/id, and add a usertoken column. The usertoken column points to the user record UUID generated by Databunker.
Advantages of this method
This method is suitable if you have a userid column linked from many tables, or if you have a very large database where running the “alter table” command would take a long time to update your database structure.
Disadvantages of this method
One drawback is that each user now has two identities: a userid and a usertoken.
Method 2: full database reorganization
You will have to go over all tables that have a userid column and replace it with a usertoken column. The usertoken is the user identity in UUID format generated by Databunker.
This method requires more changes at the database level and in your application code.
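The following script walks through Method 1 end to end: it pushes each row's personal fields into Databunker with the same POST /v1/user call and X-Bunker-Token header used in the curl commands of the next section, and then rebuilds the users table so that only id and usertoken remain. This is an added example, not part of the Databunker project; the in-memory SQLite schema and the two sample rows are constructed, and it assumes the create-user reply carries the new record UUID in a "token" field. fake_bunker is a stand-in transport so the migration can be exercised without a running container.

```python
import json
import sqlite3
import urllib.request
import uuid

BUNKER_URL = "http://localhost:3000"   # local container from the docker command above
BUNKER_TOKEN = "DEMO"                  # root access key of the demo container

def http_post_json(url, token, payload):
    """Real transport: POST JSON to Databunker with the X-Bunker-Token header."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"X-Bunker-Token": token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())

def create_user(pii, post=http_post_json):
    reply = post(f"{BUNKER_URL}/v1/user", BUNKER_TOKEN, pii)
    if reply.get("status") != "ok" or not reply.get("token"):
        raise RuntimeError(f"Databunker rejected record: {reply}")
    return reply["token"]  # assumed: the reply carries the new record UUID as 'token'

def migrate_users(conn, post=http_post_json):
    """Method 1: move every row's PII into Databunker, keep only id + usertoken in SQL."""
    rows = conn.execute("SELECT id, first, last, login, phone, email FROM users").fetchall()
    conn.execute("CREATE TABLE users_new (id INTEGER PRIMARY KEY, usertoken TEXT NOT NULL UNIQUE)")
    for row in rows:
        token = create_user(dict(zip(("first", "last", "login", "phone", "email"), row[1:])), post)
        conn.execute("INSERT INTO users_new (id, usertoken) VALUES (?, ?)", (row[0], token))
    conn.execute("DROP TABLE users")                 # the PII columns leave the SQL database here
    conn.execute("ALTER TABLE users_new RENAME TO users")
    conn.commit()
    return [col[1] for col in conn.execute("PRAGMA table_info(users)")]  # remaining column names

def sample_db():
    """Constructed 'original schema': a users table that still holds PII in clear text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT, login TEXT, phone TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?,?,?,?,?,?)",
                     [(1, "John", "Doe", "john", "4444", "user@gmail.com"), (2, "Jane", "Roe", "jane", "5555", "jane@example.com")])
    return conn

def fake_bunker(store):
    """Offline stand-in for the container: keeps each record in `store` under a fresh UUID."""
    def post(url, token, payload):
        assert token == BUNKER_TOKEN and url.endswith("/v1/user")
        record_token = str(uuid.uuid4())
        store[record_token] = payload
        return {"status": "ok", "token": record_token}
    return post

if __name__ == "__main__":
    bunker = {}
    print(migrate_users(sample_db(), post=fake_bunker(bunker)), len(bunker), "records moved")
```

Against a real container, call migrate_users(conn) with the default transport and a connection to your own database; after the migration, user details are only reachable through the API lookups by email, login or token, not by a SELECT over the users table.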
3. Some useful Databunker commands
Create a user record
curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
-H "Content-Type: application/json" \
-d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'
Fetch user records by email
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com
Fetch user records by login
curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john
Other commands:
For a full list of commands, see the API document.
4. Node.js examples
- Node.js example implementing passwordless login using Databunker: https://github.com/securitybunker/databunker-nodejs-passwordless-login
- Node.js example with Passport.js, Magic.Link and Databunker: https://github.com/securitybunker/databunker-nodejs-example
- Secure Session Storage for Node.js apps: https://databunker.org/use-case/secure-session-storage/#databunker-support-for-nodejs
Node.js modules
- @databunker/store from https://github.com/securitybunker/databunker-store
- @databunker/session-store from https://github.com/securitybunker/databunker-session-store