Yes, I inspected the data with psql - they're indeed encrypted. Again, thanks.
On Wednesday, June 26, 2013 12:35:54 PM UTC+2, Niphlod wrote: > > if you're inspecting your db with web2py then of course you have all in > clear.... that's the whole point of the filter_in and filter_out methods, > being "transparent". > > Try to inspect your database with an external tool instead. > > On Wednesday, June 26, 2013 12:19:24 PM UTC+2, lesssugar wrote: >> >> @Niphlod, >> >> Thanks very much for your solution. Implemented it, it works -- no errors >> when inserting/updating data. >> >> However, one thing I don't fully get: the data I store using the >> encryption are displayed as normal strings in the database. I'm not very >> familiar with encryption specifics but isn't it the point to keep the data >> in sort of a hard-to-crack code? >> >> I use a normal string as key. >> >> my test table: >> >> db.define_table('contact', >> Field('user_id', db.auth_user, default=auth.user_id, readable=False, >> writable=False), >> Field('email', label='Contact email'), >> Field('phone', label='Contact phone') >> ) >> >> db.contact.email.requires = [IS_EMAIL(error_message="Wrong email >> address")] >> db.contact.phone.requires= [IS_LENGTH(maxsize=30, error_message="Bit too >> long, right?")] >> db.contact.email.filter_in = lambda value : w2p_encrypt(value) >> db.contact.phone.filter_in = lambda value : w2p_encrypt(value) >> db.contact.email.filter_out = lambda value : w2p_decrypt(value) >> db.contact.phone.filter_out = lambda value : w2p_decrypt(value) >> >> >> >> On Tuesday, June 25, 2013 8:42:29 PM UTC+2, Niphlod wrote: >>> >>> sorry, cut&paste error. >>> >>> >>> >>> import gluon.contrib.aes as AES >>> import threading >>> import os >>> import base64 >>> >>> def fast_urandom16(urandom=[], locker=threading.RLock()): >>> """ >>> this is 4x faster than calling os.urandom(16) and prevents >>> the "too many files open" issue with concurrent access to >>> os.urandom() >>> """ >>> try: >>> return urandom.pop() >>> except IndexError: >>> try: >>> locker.acquire() >>> ur = os.urandom(16 * 1024) >>> urandom += [ur[i:i + 16] for i in xrange(16, 1024 * 16, 16)] >>> return ur[0:16] >>> finally: >>> locker.release() >>> >>> def pad(s, n=32, padchar=' '): >>> return s + (32 - len(s) % 32) * padchar >>> >>> def AES_new(key, IV=None): >>> """ Returns an AES cipher object and random IV if None specified """ >>> if IV is None: >>> IV = fast_urandom16() >>> >>> return AES.new(key, AES.MODE_CBC, IV), IV >>> >>> def w2p_encrypt(data): >>> key = 'asdsaddasdasdas' >>> key = pad(key[:32]) >>> cipher, IV = AES_new(key) >>> encrypted_data = IV + cipher.encrypt(pad(data)) >>> return base64.urlsafe_b64encode(encrypted_data) >>> >>> def w2p_decrypt(data): >>> key = 'asdsaddasdasdas' >>> key = pad(key[:32]) >>> data = base64.urlsafe_b64decode(data) >>> IV, data = data[:16], data[16:] >>> cipher, _ = AES_new(key, IV=IV) >>> data = cipher.decrypt(data) >>> data = data.rstrip(' ') >>> return data >>> >>> db.define_table('t_test', >>> Field('f_field') >>> ) >>> >>> db.t_test.f_field.filter_in = lambda value : w2p_encrypt(value) >>> db.t_test.f_field.filter_out = lambda value : w2p_decrypt(value) >>> >>> >>> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.