Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
On Jan 3, 2006, at 5:31 PM, Tim Peters wrote: [Monica chopra] ... I am still hanging at my point how to hide that data in .fs file as i can see completely all the data if i open that file in notepad or any other editor. ZODB doesn't support encryption directly, and there are no current plans to add such a feature. The alternatives given by others and Tim all seem more attractive for reasons they describe, but I'll just throw out another approach that might be of interest. I think your application could define and use a custom subclass of Persistent, with __getstate__ and __setstate__ methods overridden to provide and use encrypted pickles of the dicts that would otherwise be the state. This requires the encryption key to be available to your application code, so the problem of hiding something is moved (and concentrated). As others have noted, a change like this doesn't really provide additional security in most situations. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
RE: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
[Monica chopra] > ... > I am still hanging at my point how to hide that data in .fs file as i > can see completely all the data if i open that file in notepad or any > other editor. I will attach a sample data.fs file and my sample code with > this mail . See if any one can guide me inthis context. Its a small code > which add some organisation and then employees in that organisation. > > I have added an organisation Named EagleHawk and Employee monica with age > 26. Now if u open that file u can easily read eaglehawk and monica in the > file. I just want to avoid this. ZODB doesn't support encryption directly, and there are no current plans to add such a feature. I don't know whether you've been reading replies on this mailing list, but people suggested the sensible approach of using an encrypted filesystem. Exactly how to do that depends on the operating system you're using, and really has nothing to do with ZODB specifically. It might also help if you explained who you're trying to hide this data from. If you're trying to hide it from other users on the same machine, setting OS-level permissions may (or may not) be good enough. If you're transporting the Data.fs file, it can be encrypted using any method used to encrypt any other kind of file. Etc. What you can't get is to have ZODB do it for you, because no such code exists. At an extreme, I suppose you could encrypt user names (etc) yourself, and store the encrypted strings instead of plain text. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
Hi friends Sorry i troubled someone too much by mailing direct into his account. I am sorry for that.but i was not aware of any of his mail saying me to post query somewhere else.any ways it will not happen again. I am still hanging at my point how to hide that data in .fs file as i can see completely all the data if i open that file in notepad or any other editor. I will attach a sample data.fs file and my sample code with this mail . See if any one can guide me inthis context. Its a small code which add some organisation and then employees in that organisation. I have added an organisation Named EagleHawk and Employee monica with age 26. Now if u open that file u can easily read eaglehawk and monica in the file. I just want to avoid this. Thanks Monica
Regards
Monica ChopraSr.ProgrammerMedonline Ltd.Tel:(09) 524 0324
Yahoo! Photos
Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.
data.fs
Description: 122756374-data.fs
from ZODB import FileStorage, DB
from ZODB.PersistentMapping import PersistentMapping
from persistent import Persistent
import unicodedata
#import logging
#logging.basicConfig()
class Employee(Persistent):
"""An employee"""
def __init__(self, name,age,organisation,manager=None):
#self.name=name.encode('utf-16')
self.name=name
self.age=age
self.organisation=organisation
self.type="E"
self.manager=manager
class Organisation(Persistent):
"""An organisation"""
def __init__(self, name,Id):
self.Id=Id
#self.name=unicode( name, "utf-16" )
#self.name=name.encode('utf-16')
#self.name=unicode(name)
self.name=name
self.type="O"
# setup the database
import transaction
storage =FileStorage.FileStorage('Data\data.fs')
db=DB(storage)
connection=db.open()
root=connection.root()
if not root.has_key("sbx"):
root["sbx"] = []
#root["lstOrg"] = {}
#lstOrg=root["lstOrg"]
#sbx=root["sbx"],root["organisation"] # get the sbx mapping, creating an
empty mapping if
sbx=root["sbx"]
transaction.commit()
else:
sbx=root["sbx"]
transaction.commit()
#lstOrg=root["lstOrg"]
# # get the sbx mapping, creating an empty mapping if
# # necessary
#if not root.has_key('sbx'):
#from BTrees.OOBTree import OOBTree
#root['sbx'] = OOBTree()
#sbx = root['sbx']
def AddOrganisation(name,id):
#if sbx.has_key(name):
# print "There is already an employee with this name."
# return
#lstOrg[id]=Organisation(name,id)
#root['lstOrg'] = lstOrg # reassign to change
sbx.append(Organisation(name,id))
root['sbx'] = sbx # reassign to change
print "Organisation %s added." % name
transaction.commit()
print
#for key in sbx.keys():
# obj= sbx[key]
# print obj.name
for organisation in sbx:#.values():
if organisation.type=="O":
print organisation.name
def listEmployees():
if len(sbx)==0: #values()
print "There are no employees."
print
return
for employee in sbx:#.values():
#print employee.type
if employee.type=="E":
print "Name: %s " % employee.name
print "Age: %s" % employee.age
print "Organisation: %s" % employee.organisation.name
if employee.manager is not None:
print "Manager's name: %s" %
employee.manager.name
#def listorgZemp(name):
def listorgZemp():
if len(sbx)==0: #.values()
print "There are no employees."
print
return
for employee in sbx:#.values():
#print employee.type
#if employee.type=="E":
if employee.type=="O":
#if employee.organisation.name==name:
print "Name: %s " % employee.name
# print "Age: %s" % employee.age
# print "Organisation: %s" %
employee.organisation.name
# if employee.manager is not None:
# print "Manager's name: %s" %
employee.manager.name
def empDetails(name):
if not sbx.has_key(name):
prin
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
tav wrote at 2005-12-31 18:40 +: >> Why is it significantly easier to protect the key[s] >> used for the encryption than the storage itself? > >one could always passphrase-protect the key, i.e. use symmetric encryption. > >admittedly, this could potentially be brute-forced, but ... should be >good enough for most purposes? What, if your server restarts over night? -- Dieter ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
tav schrieb: >> Why is it significantly easier to protect the key[s] >> used for the encryption than the storage itself? > > > one could always passphrase-protect the key, i.e. use symmetric encryption. > > admittedly, this could potentially be brute-forced, but ... should be > good enough for most purposes? > And how does your Application (Zope) access the storage? Exactly. It needs the key - if it has the key - the "attacker" can just read the data thru the application. In the end this does not buy you anything but overhead. If you want to encrypt, just use a crypted filesystem as DM already suggested. Best performance, best transparency and well tested. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
> Why is it significantly easier to protect the key[s] > used for the encryption than the storage itself? one could always passphrase-protect the key, i.e. use symmetric encryption. admittedly, this could potentially be brute-forced, but ... should be good enough for most purposes? -- have-a-great-new-year, tav ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
Please always stay on the list! Monica chopra wrote at 2005-12-30 19:22 -0800: > ... > Thanks for responding but can clarify more about how to do that. How can i > make an ecrypted file. > ... >Dieter Maurer <[EMAIL PROTECTED]> wrote: > Monica chopra wrote at 2005-12-29 18:17 -0800: >>... >It would not be difficult to implement an "EncryptedFileStorage". A file storage is a sequence of transaction logs. Currently, it writes the transaction log in clear text. An "EncryptedFileStorage" would instead write and (later) read (partially) encrypted log entries. For the details, you would need to carefully look at how "FileStorage" works. But, have you read (and appreciated) my objection? I repeat: Why is it significantly easier to protect the key[s] used for the encryption than the storage itself? If this is indeed the case for you, you might find the use of an encrypted filesystem even more attractive: there all your files (and not only part of the storage file) are encrypted. Of course, key handling will remain an issue... -- Dieter ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
Monica chopra wrote at 2005-12-29 18:17 -0800: > I have recently jumped into python and ZODB . I am quiet familar to syntax > and everything but there is one Issue . when we create a .fs file or say > data.fs and saves in it some objects.If we open this file in notepad or other > editior. It shows the data about objects everything its name its address or > whatever information an object has.you can search particular property in that > file. What should be done to hide that data. It would not be difficult to implement an "EncryptedFileStorage". However, the key(or keys) for the encryption/decryption must be kept somewhere. Out of hand, it is not obvious that protecting these keys is much easier than protecting the storage itself. -- Dieter ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
On 12/29/05, Monica chopra <[EMAIL PROTECTED]> wrote: > I have recently jumped into python and ZODB . I am quiet familar to syntax > and everything but there is one Issue . when we create a .fs file or say > data.fs and saves in it some objects.If we open this file in notepad or > other editior. It shows the data about objects everything its name its > address or whatever information an object has.you can search particular > property in that file. What should be done to hide that data. You need to be more careful in formulating your question. What data are you attempting to hide? Who you are attempting to hide it from? And so. Neither ZODB nor FileStorage were designed with a thought towards encrypting the persistent representation of the data. Jeremy ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
[ZODB-Dev] Query Regrading ZODB FileStorage(.fs file)
Hello I have recently jumped into python and ZODB . I am quiet familar to syntax and everything but there is one Issue . when we create a .fs file or say data.fs and saves in it some objects.If we open this file in notepad or other editior. It shows the data about objects everything its name its address or whatever information an object has.you can search particular property in that file. What should be done to hide that data. Pls. If u can reply me back on my email id if u have any solution. Thanks Monica Yahoo! Shopping Find Great Deals on Holiday Gifts at Yahoo! Shopping ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
