Yes, I inspected the data with psql - they're indeed encrypted. Again,
thanks.
On Wednesday, June 26, 2013 12:35:54 PM UTC+2, Niphlod wrote:
>
> if you're inspecting your db with web2py then of course you have all in
> clear.... that's the whole point of the filter_in and filter_out methods,
> being "transparent".
>
> Try to inspect your database with an external tool instead.
>
> On Wednesday, June 26, 2013 12:19:24 PM UTC+2, lesssugar wrote:
>>
>> @Niphlod,
>>
>> Thanks very much for your solution. Implemented it, it works -- no errors
>> when inserting/updating data.
>>
>> However, one thing I don't fully get: the data I store using the
>> encryption are displayed as normal strings in the database. I'm not very
>> familiar with encryption specifics but isn't it the point to keep the data
>> in sort of a hard-to-crack code?
>>
>> I use a normal string as key.
>>
>> my test table:
>>
>> db.define_table('contact',
>>     Field('user_id', db.auth_user, default=auth.user_id, readable=False,
>>           writable=False),
>>     Field('email', label='Contact email'),
>>     Field('phone', label='Contact phone')
>> )
>>
>> db.contact.email.requires = [IS_EMAIL(error_message="Wrong email address")]
>> db.contact.phone.requires = [IS_LENGTH(maxsize=30, error_message="Bit too long, right?")]
>> db.contact.email.filter_in = lambda value : w2p_encrypt(value)
>> db.contact.phone.filter_in = lambda value : w2p_encrypt(value)
>> db.contact.email.filter_out = lambda value : w2p_decrypt(value)
>> db.contact.phone.filter_out = lambda value : w2p_decrypt(value)
>>
>>
>>
>> On Tuesday, June 25, 2013 8:42:29 PM UTC+2, Niphlod wrote:
>>>
>>> sorry, cut&paste error.
>>>
>>>
>>>
>>> import gluon.contrib.aes as AES
>>> import threading
>>> import os
>>> import base64
>>>
>>> def fast_urandom16(urandom=[], locker=threading.RLock()):
>>>     """
>>>     this is 4x faster than calling os.urandom(16) and prevents
>>>     the "too many files open" issue with concurrent access to
>>>     os.urandom()
>>>     """
>>>     try:
>>>         return urandom.pop()
>>>     except IndexError:
>>>         try:
>>>             locker.acquire()
>>>             ur = os.urandom(16 * 1024)
>>>             urandom += [ur[i:i + 16] for i in xrange(16, 1024 * 16, 16)]
>>>             return ur[0:16]
>>>         finally:
>>>             locker.release()
>>>
>>> def pad(s, n=32, padchar=' '):
>>>     # always appends 1..n pad characters, so the result is a multiple of n
>>>     return s + (n - len(s) % n) * padchar
>>>
>>> def AES_new(key, IV=None):
>>>     """ Returns an AES cipher object and random IV if None specified """
>>>     if IV is None:
>>>         IV = fast_urandom16()
>>>
>>>     return AES.new(key, AES.MODE_CBC, IV), IV
>>>
>>> def w2p_encrypt(data):
>>>     key = 'asdsaddasdasdas'
>>>     key = pad(key[:32])
>>>     cipher, IV = AES_new(key)
>>>     # stored value is base64(IV + ciphertext)
>>>     encrypted_data = IV + cipher.encrypt(pad(data))
>>>     return base64.urlsafe_b64encode(encrypted_data)
>>>
>>> def w2p_decrypt(data):
>>>     key = 'asdsaddasdasdas'
>>>     key = pad(key[:32])
>>>     data = base64.urlsafe_b64decode(data)
>>>     # first 16 bytes are the IV, the rest is the ciphertext
>>>     IV, data = data[:16], data[16:]
>>>     cipher, _ = AES_new(key, IV=IV)
>>>     data = cipher.decrypt(data)
>>>     data = data.rstrip(' ')
>>>     return data
>>>
>>> db.define_table('t_test',
>>>     Field('f_field')
>>> )
>>>
>>> db.t_test.f_field.filter_in = lambda value : w2p_encrypt(value)
>>> db.t_test.f_field.filter_out = lambda value : w2p_decrypt(value)
>>>
>>>
>>>
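
An added example, not part of the thread or of web2py: one way to script the "inspect with an external tool" check, reading the raw column values without the DAL and flagging rows that are not in the base64(IV + ciphertext) shape that w2p_encrypt() produces. It assumes Python 3, an SQLite copy of the contact table from the thread, and uses constructed sample rows in which random bytes stand in for ciphertext; the function names are hypothetical.

```python
import base64
import binascii
import os
import sqlite3

IV_LEN = 16      # fast_urandom16() yields a 16-byte IV
PAD_BLOCK = 32   # pad() rounds the plaintext up to a multiple of 32 bytes


def looks_encrypted(value):
    """True if value has the shape w2p_encrypt() emits: urlsafe base64 of
    a 16-byte IV followed by 32*k bytes of ciphertext, k >= 1."""
    if not value:
        return False
    try:
        raw = base64.b64decode(value, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError, TypeError):
        return False
    body = len(raw) - IV_LEN
    return body >= PAD_BLOCK and body % PAD_BLOCK == 0


def plaintext_rows(conn, table, columns):
    """Read the stored values directly (no DAL, so no filter_out) and return
    (row id, column) pairs whose value is not in the encrypted shape."""
    # table and columns are identifiers chosen by the auditor, not user input
    sql = "SELECT id, %s FROM %s ORDER BY id" % (", ".join(columns), table)
    return [(row[0], col)
            for row in conn.execute(sql)
            for col, value in zip(columns, row[1:])
            if value is not None and not looks_encrypted(value)]


def build_sample_db():
    """Constructed sample data: random bytes stand in for real ciphertext."""
    def fake_token(plain_len):
        padded = plain_len + (PAD_BLOCK - plain_len % PAD_BLOCK)
        return base64.urlsafe_b64encode(os.urandom(IV_LEN + padded)).decode()
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contact "
                 "(id INTEGER PRIMARY KEY, email TEXT, phone TEXT)")
    conn.executemany("INSERT INTO contact (email, phone) VALUES (?, ?)", [
        (fake_token(17), fake_token(9)),        # both written through filter_in
        ("alice@example.com", fake_token(12)),  # stored before the filter was set
        (fake_token(40), "555-0100"),           # written by a path outside the DAL
    ])
    return conn
```

This is a shape check only: it catches values that were stored in clear, but a value that passes is not proven to be ciphertext under the expected key.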