not to discredit the efforts, but if you're not going to relinquish the computed signature to the user, what good does it make over auditing changes through, e.g., record_versioning ? If the database is only accessed within your app, your app (and/or your server) is responsibile of NOT tampering the data. Storing an autocomputed hash or signage of whatever kind along the row IMHO has absolutely no added benefits, unless the database is accessed by something else than your app.
On Tuesday, April 28, 2015 at 9:43:26 PM UTC+2, Richard wrote: > > Thanks for answer... > > I want an electronic signature for db records which will be privatekey > sign by the user when he do some operation (let say review the record > data). The signature will be done over an serialized version of the record > once form accepted and before the record get insert. This signature will be > store in a separate column. It can then be possible by using the user > pupkey to decrypt the signature to determine what the state of the record > was and if some tamper with it or not... This process can be automated so > we don't have to make any "visual" kind of inspection obviously... > > I start to have pretty good understanding of what I need and how to > acheive it... > > If there is no body done such a thing I will do it... > > I will then make it available to review and comment and it could be > included in web2py as a contrib or in the core if it juged enough generic > and util... > > Richard > > On Tue, Apr 28, 2015 at 3:21 PM, Alex Glaros <alexg...@gmail.com > <javascript:>> wrote: > >> this is probably not what you're looking for, especially from a newbie >> like me, but am writing authorizing feature where any number of people can >> be selected to authorize any thing. Example, the organization wants legal >> department, exec, and public affairs department all to authorize a new web >> page before it goes public. >> >> the way I'm writing it is to use web2py's groups/permissions. Then for >> each authorizable object, user can choose single or two factor >> authorization using Web2py's capability to email user a link proving that >> they authorized that stage of the project. >> >> Alex Glaros >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+un...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
