Security

Hybrid Hosting Model

Dropbase has a hybrid hosting model that combines a self-hosted client and a self-hosted worker, with Dropbase-hosted services that provide authentication, authorization, and store app/component definitions. This hosting model balances customer data security requirements with rapid release of new Dropbase features. The Worker server sits on customer machines/infra so sensitive data stays within.

The Worker is the server that queries your internal database and APIs. Only the self-hosted client and self-hosted worker can make requests to the Dropbase cloud, but not the other way around. That is, the Dropbase backend does not make requests to the worker. This can be easily verified via the requests the browser makes.

Your database credentials, secrets, and API keys are stored directly in your file system, via a .env file. Dropbase does not store any credentials or keys anywhere.

Security

Hybrid Hosting Model​

Hybrid Hosting Model