Hello, I want to encrypt fields in the database, because of reasons. I've been through the arguments, but there we have it.

I look at this web2py slice: http://www.web2pyslices.com/slice/show/2012/encrypt-information-into-the-database

And it gives a good illustration of how to do it in the model with a lambda. BUT... it has a hard-coded symmetric key, which I don't want.

What I want to do is have a form which accepts a pass phrase. I will salt and hash this, to come up with a hash to use as the symmetric key. I want to make this salty hash available to all subsequent sessions and requests, but I do not want it going to session files or a database. What would be the best way to do that?

In this way, if web2py is started up, no encrypted fields will be served via REST until someone uses the pass phrase form and puts in the correct phrase (a canary column will be decrypted to check the valid key).

Thus, we can avoid storing the symmetric key either in code, or in config files, environment variables etc. But of course, this requires intervention from a human in the event of a server/service restart. This is acceptable.

Thanks for any help
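A sketch of the scheme described in the post above, added here as an example and not part of the original message or of web2py: the names `derive_key`, `canary_tag` and `KeyHolder` are hypothetical, PBKDF2 is used for the salt-and-hash step, and an HMAC tag over a fixed value stands in for decrypting a canary column because the Python standard library has no cipher. It assumes one `KeyHolder` instance is kept at module level in a long-lived process, so every worker process holds its own copy and must be unlocked separately.

```python
import hashlib
import hmac
import threading

# Constructed parameters; the salt and canary tag are not secret and would be
# stored next to the encrypted data.
PBKDF2_ITERATIONS = 600_000
CANARY_PLAINTEXT = b"canary-v1"


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the pass phrase into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def canary_tag(key: bytes) -> bytes:
    """Tag computed once at setup; a wrong key produces a different tag."""
    return hmac.new(key, CANARY_PLAINTEXT, hashlib.sha256).digest()


class KeyHolder:
    """Keeps the derived key in process memory only, never in session or DB."""

    def __init__(self, salt: bytes, stored_tag: bytes):
        self._salt = salt
        self._tag = stored_tag
        self._key = None
        self._lock = threading.Lock()

    def unlock(self, passphrase: str) -> bool:
        """Called by the pass phrase form; keeps the key only if the canary matches."""
        candidate = derive_key(passphrase, self._salt)
        if not hmac.compare_digest(canary_tag(candidate), self._tag):
            return False
        with self._lock:
            self._key = candidate
        return True

    def get_key(self) -> bytes:
        """Called by the field encrypt/decrypt code; fails closed until unlocked."""
        with self._lock:
            if self._key is None:
                raise RuntimeError("locked: pass phrase not entered since restart")
            return self._key
```

Anyone who obtains the stored salt and tag can still guess pass phrases offline at PBKDF2 cost, so the strength of the pass phrase remains the limiting factor.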