storing encrypted form data to database
NeonGoby
database, not crypting the login password.
I can think of two ways:
1. use dbio=False, or
2. use onvalidation function to
encrypt the form data.
But I'll need to declare the field as a blob in order to store the
resulting binary data, and blob data won't be displayed in the SQLFORM
as a text field.
What is the proper procedure to take advantage of web2py feature,
while still be able to encrypt the form data?
mdipierro
text/string fields). In the latter case you can create a validator to
do it
remember that a validator is a two-way filter (in and out):
class IS_SECURE:
def __init__(self,encryption_key):
self.key=encryption_key
def __call__(self,plaintext):
ciphertext = encrypt(self.key,plaintext)
return (ciphertext,None)
def fomatter(self,ciphertext):
plaintext = decrypt(self.key, ciphertext)
return plaintext
Then you simply use this validator for the fields you want to encrypt
and everything will be automatic. If you need other validators, make a
list and make sure this is the last one. This will only work for
string and text validators. It assumes you have encrypt/decrypt
functions.
NeonGoby
I'm interested in encrypted some of the fields like names, addresses
etc, not all fields.
So the encrypted text is still a text and no a binary blob?
mdipierro
encrypt and then base64 encodes it to avoid problems.
NeonGoby
On Jan 6, 6:18 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> Good point. It depends on the encrypt function. I would use one that
> encrypt and then base64 encodes it to avoid problems.
>
mdipierro
http://www.4dsolutions.net/cgi-bin/py2html.cgi?script=/ocn/python/blowfish.py
http://www.josh-davis.org/files/uploads/2007/06/aes_v001.py
each of them is single file no dependencies. solid algorithms. The AES
if the offical US government standard for encryption. I tend to trust
the blowfish better because it is not the official standard.