Ahhhh, ok ye, I understand, then I prefer client side. I just need to sort out the encryption then... I'm not too familiar with encryption algorithms but at the moment its using a text key from a config file and the mode is CBC which I guess is what is generating a different value each time right? In Mike's example he's using ECB mode which is the default. What would be the best mode to use for my scenario? A good balance between secure and performance that works for client side?
On Thursday, 9 July 2020 20:18:52 UTC+2, Jonathan Vanasco wrote: > > > > On Thursday, July 9, 2020 at 2:12:36 PM UTC-4, Justvuur wrote: >> >> I've done some more digging... It seems when I did the search for >> "secrets", the text is encrypted and compared to the value in the columns, >> > > That is how client-side encryption works. If you want to search for > "secrets", you need to use server-side encryption (which depends on the > database). In those systems, the server will decrypt the column in every > row when searching - which can be a performance issue. > > The thing is this type of comparison wont work, the algorithm generates a >> different string each encryption for the same string. >> > > What are you using for your encryption key? The key should be persistent, > and should always generate the same output for a given input. In the > example from Michael Bayer, a random uuid is used as a placeholder. > -- SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper http://www.sqlalchemy.org/ To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description. --- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/58a78976-3ebe-428b-824f-165b15f61cb4o%40googlegroups.com.
