Secure DB Bridge For Bervice

by bervice

Description

Secure DB Bridge for Bervice is a secure and lightweight bridge plugin that allows your WordPress website to connect directly to the Bervice decentralized infrastructure.
Bervice is a blockchain-based and quantum-encryption-ready platform focused on data security, privacy, and long-term information preservation.

By installing this plugin on your website, you can:
– Establish a secure, encrypted connection between your WordPress site and Bervice.
– Allow Bervice to back up critical data safely without exposing your credentials or server.
– Strengthen your site’s resilience against data loss and central-point failures.
– Integrate seamlessly with your existing CMS environment.

This plugin acts as one of the core gateway services in the Bervice ecosystem.
It’s specifically designed to help WordPress site owners keep their data protected through decentralized and quantum-secure backup mechanisms.

For more details and full documentation, visit https://bervice.com.

Installation

Install the plugin either by:
- Uploading the plugin folder to /wp-content/plugins/secure-db-bridge-for-bervice, or
- Searching for “Secure DB Bridge for Bervice” in the WordPress plugin directory and clicking Install Now.
Activate the plugin from the Plugins menu in your WordPress Dashboard.
After activation, click on the “Bridge for Bervice” menu item in the dashboard to open the plugin settings page.
Open your Bervice desktop application and go to the Database Solution section.
Copy the generated:
- Key ID
- Shared Secret (Base64)
and paste them into the corresponding fields in the WordPress plugin settings.
In the IP Allowlist field, enter the public IP address of your server or system.
Click Save Changes — your site is now securely connected to Bervice, and you can start decentralized backup operations through the Bervice application.
For more details and full documentation, visit https://bervice.com.

Screenshots

Plugin settings page, where you can securely connect your WordPress site to Bervice.

Faq

Does the plugin work on its own?

No. This plugin acts as a bridge between your WordPress website and the Bervice platform. It doesn’t provide backup or security functions by itself — it securely connects your infrastructure to Bervice.

Does this plugin back up the database?

The plugin itself does not perform backups directly. However, once connected, the Bervice software can securely and cryptographically back up your data through this bridge.

Can I disconnect the bridge whenever I want?

Yes. You can disable or remove the connection at any time.

Can anyone connect to my website through this plugin?

No. The system is protected by your IP Allowlist and security keys. Only the IPs and credentials that you explicitly authorize can establish a connection.

Reviews

This is just the beginning

By bervice on October 23, 2025

We’re working to deliver the safest and highest-quality service possible.

Changelog

1.1.2 – 2025-10-11

Security: Complete rewrite of REST authentication — HMAC signature, timestamp, nonce, IP allowlist and rate-limiting are now validated in the permission callback so signed external requests work correctly without relying on WP login checks.
Security: Nonce storage hardened — transient keys are SHA-256 hashed to prevent unsafe transient names and improve replay protection.
Security: Signature verification tightened (secure compare) and base64 secret validation added; invalid secrets return clear errors.
Security: IP allowlist behaviour clarified — an empty IP Allowlist now means “no IP restriction” (admin is warned in the settings UI). Administrators may still configure strict allowlists.
Performance: Streaming encryption and delivery implemented — where available the openssl CLI is used for streaming AES-256-GCM encryption; otherwise a safe in-memory fallback is used with a configurable threshold.
Performance: Encrypted backups are streamed to the client using fpassthru/readfile (no full-file file_get_contents()), reducing PHP memory usage and preventing OOM on large dumps.
Reliability: Exporter::encryptFile() HKDF/key handling improved; IV is returned Base64; improved error messages and guaranteed cleanup (gzclose + file removal).
Robustness: Dump generation hardened — additional guards around SHOW CREATE TABLE / SHOW COLUMNS and explicit — WARN: notes when metadata is missing.
Admin: Settings page now warns when secret or ip_allow are empty and explains the security implications.
Dev: PHPCS annotations, type hints and logging reviewed; sensitive values are not leaked in logs.
Upgrade Notice: External clients must adopt the new signed request scheme and send these headers: X-BBridge-KeyId, X-BBridge-Timestamp, X-BBridge-Nonce, X-BBridge-Signature. Ensure a valid Base64 secret (>= 32 raw bytes) is set in plugin settings after update. Test on staging before rolling out to production.

1.1.1 – 2025-10-04

Fix: Resolved PHP parse error in Exporter.php (misplaced braces around the pagination block) that triggered “unexpected identifier ‘gzwrite’, expecting ‘function’”.
Fix: Implemented a proper pagination loop (while (true) with LIMIT/OFFSET) and balanced braces; avoids premature function termination.
Hardening: Safer table handling — string-cast names, strict whitelist against SHOW TABLES, and backtick-quoting via backtick().
Robustness: Additional guards for SHOW CREATE TABLE / SHOW COLUMNS; writes explicit WARN comments into the dump when metadata is missing.
Reliability: Ensured COMMIT and gzclose() always execute; retained size sanity check for output .sql.gz.
New: Admin menu page (“DB Bridge”) with icon support (assets/admin-icon.svg or Dashicons fallback).
Security: Tightened uploads tmp directory — creates index.html and Apache 2.4 .htaccess with Require all denied for both /bervice-db-bridge/ and /tmp/. (Note: Nginx users must restrict via server config.)
Dev: PHPCS annotations trimmed/clarified; namespace/type hints refined; no breaking changes to REST endpoints or settings.

1.1.0 – 2025-10-03

Refactored database dump logic in Exporter.php:

1.0.9 – 2025-10-02

$safeTable comes from a trusted whitelist and cannot be placeholder-bound.
Direct DB queries are required to produce SQL dumps.
Caching is skipped intentionally to ensure real-time backup accuracy.

1.0.8 – 2025-10-01

Added whitelist check for table names to ensure only those returned by SHOW TABLES are processed.
Escaped table identifiers using backtick() for improved SQL safety.
Documented and justified usage of interpolated table names with phpcs:ignore inline comments (placeholders cannot be used for identifiers).
Improved inline comments for WordPress.org code review clarity.
Minor code clean-up and consistency improvements.

1.0.7 – 2025-09-28

Resolved remaining PHPCS/WPCS warnings in Exporter.php.
Added explicit phpcs:ignore annotations for unavoidable direct database queries (SHOW TABLES, SHOW CREATE TABLE, SHOW COLUMNS).
Documented safe usage of interpolated table names where placeholders are not possible in MySQL.
Final compliance alignment for WordPress Plugin Directory review.

1.0.6 – 2025-09-26

Fixed final PHPCS/WPCS issues flagged by WordPress.org Plugin Check.
Escaping enforcement: added // phpcs:ignore where binary output or MySQL limitations apply.
Updated Exporter with explicit ignore rules for SHOW CREATE/SHOW COLUMNS queries.
Improved uninstall cleanup routine for safer transient removal.
Codebase fully aligned with WordPress Plugin Directory requirements.

1.0.5 – 2025-09-20

Fixed mismatched text domain warnings (secure-db-bridge-for-bervice).
Escaped all dynamic outputs for improved security.
Replaced unlink() and readfile() with WordPress-safe alternatives.
Improved handling of client IP sanitization.
Updated uninstall routine with safer option/transient cleanup.
General code cleanup for PHPCS/WPCS compliance.

1.0.4 – 2025-09-16

Added /languages directory to fix Domain Path warning.

1.0.3 – 2025-09-15

Initial stable release.