Hi Dan, On 09/11/2015 09:39 PM, Dan Davis wrote: ... > For both my EncryptedTextField and XMLTypeField, I want to to alter the > SQL that will be generated to query, insert, and update the field so > that XMLType field will be converted to a CLOB or text value with > .getClobValue() function. Similarly, I want the value to save to be > generated from calling AES_Encrypt() with the project's secret key and > to be decrypted by calling AES_Decrypt(). The benefit of using the > database encryption/decryption functions should be clear enough - > encryption and decryption is offloaded from the application, and the > programmer is assured of being able to see the values by constructing a > simple view. > > May I alter the way a query is constructed using a custom Field class in > this way? If so, can anyone provide an example?
Yes, this is possible, and not even that hard (at least in Django 1.8, where Field classes gained more control over SQL generation; I suspect it would be quite a bit more difficult if you need to support older versions). It does require exploiting some undocumented internal APIs. For an example, you can look at my django-pgcrypto-expressions project, which does the same thing for Postgres' built-in symmetric encryption functions: https://github.com/orcasgit/django-pgcrypto-expressions You should be aware, though, that depending on your threat model, encrypting/decrypting in the database can be significantly more risky. It potentially exposes your encryption key in several additional places: on the wire between the application server and the database server and in database server query logs or activity monitors. If your threat model includes the possibility of an attacker with access to the running database server (who may not have gained access to the app server), encryption on the application side is better than on the database side. It's possible to make application-side encryption in Django almost as transparent to the developer as database-side encryption; see django-fernet-fields: https://github.com/orcasgit/django-fernet-fields The main difference is that with application-side encryption you can no longer perform lookups or ordering in the database against the encrypted field. But this isn't really much of a difference, because even with database-side encryption, lookups/ordering on an encrypted field cannot be indexed, meaning they won't scale to large table sizes anyway. HTH, Carl -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/55F46D5A.1060706%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
