I'd have to agree, put the user account (email, username, whatever) and the 
fields all together, calculate hmac on that, and store it. If someone 
changes the data, the hmac won't match and you'll see it's not valid. Of 
course, an admin could just go in and modify the hmac signature after 
updating the record... so you aren't protecting yourself from a malicious 
administrator with the hmac case.

On Tuesday, April 28, 2015 at 1:43:29 PM UTC-7, Niphlod wrote:
>
> at this point, why do you even care about using certs? you need "signing", 
> not "encryption" AND you're not hooked up to a CA... just use an hmac!
>
> On Tuesday, April 28, 2015 at 10:31:41 PM UTC+2, Richard wrote:
>>
>> If the private key is protected by a password, only the user can use it, no?
>>
>> I am far from an expert in encryption... I was thinking of storing gpg 
>> pub and private key in auth_user field for each respectively. Then invoke 
>> the user to input a password when he wants to sign a record after_validation 
>> and before_insert occur...
>>
>> ??
>>
>> Richard
>>
>>
>> On Tue, Apr 28, 2015 at 4:26 PM, Niphlod <nip...@gmail.com> wrote:
>>
>>> The assumption was indeed "if the app is the only thing accessing the 
>>> database". Not trusting DB administrators is kinda weird as a requirement, 
>>> but if that's your scenario, go for it. 
>>> I'm a bit lost on the general idea for the implementation... is the 
>>> user required to input some kind of key/cert every time a row is stored? 
>>> because if you save the key/cert in the db, you're screwed anyway.
>>>
>>>  -- 
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to web2py+un...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
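
The HMAC-per-record approach discussed in this thread, as an added example that is not part of the original messages or of web2py itself. It assumes the key lives in application configuration outside the database; the function names, the key and the sample rows are constructed for illustration.

```python
import hashlib
import hmac
import json

def canonical(user, fields):
    """Serialize the signer and the row unambiguously (sorted keys, fixed separators).
    Values must be JSON-serializable."""
    return json.dumps({"user": user, "fields": fields},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")

def sign_record(key, user, fields):
    """HMAC-SHA256 over the user account plus all protected fields."""
    return hmac.new(key, canonical(user, fields), hashlib.sha256).hexdigest()

def verify_record(key, user, fields, stored_mac):
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(sign_record(key, user, fields), stored_mac)

def naive_mac(key, user, fields):
    """For comparison only: plain concatenation loses the field boundaries."""
    msg = (user + "".join(str(fields[k]) for k in sorted(fields))).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def demo():
    app_key = b"constructed-demo-key"  # assumption: loaded from config, never stored in the db
    user = "richard@example.com"       # constructed sample row
    row = {"amount": 100, "status": "approved"}
    mac = sign_record(app_key, user, row)
    tampered = dict(row, amount=1000)
    a, b = {"a": "12", "b": "3"}, {"a": "1", "b": "23"}
    return {
        # stored row still matches its MAC
        "untouched": verify_record(app_key, user, row, mac),
        # a field edited directly in the database no longer verifies
        "tampered": verify_record(app_key, user, tampered, mac),
        # the row re-attributed to another account no longer verifies
        "other_user": verify_record(app_key, "admin@example.com", row, mac),
        # concatenation lets two different rows share one MAC
        "naive_collision": naive_mac(app_key, "u", a) == naive_mac(app_key, "u", b),
        "canonical_collision": sign_record(app_key, "u", a) == sign_record(app_key, "u", b),
        # the limit raised in the thread: whoever holds the key can re-sign an edited row
        "resigned_by_key_holder": verify_record(
            app_key, user, tampered, sign_record(app_key, user, tampered)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```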
