cache.ram is limited to a single server, but if you need to span multiple 
servers, you could set up something like memcache.

Anthony

On Wednesday, December 16, 2015 at 10:37:41 AM UTC-5, Gary Cowell wrote:
>
> No, it'd be one pass phrase for the whole thing. Like a vault key.
>
> There'd be another page for entering two of them so you can change the 
> phrase, decrypt, encrypt pass the whole thing.
>
> cache.ram sounds a possibility, I'll look into that, I recall some 
> discussions a while back that this wasn't suitable in all cases (apache?)
>
>
>
> On Wednesday, 16 December 2015 15:35:52 UTC, Anthony wrote:
>>
>> Is there a passphrase per user, or just one for the whole app (perhaps 
>> entered by an admin user)? In either case, I suppose you could use 
>> cache.ram, but if there is a passphrase per user, you would need a unique 
>> key for each user (e.g., the user ID), and you would also need to do some 
>> occasional cleanup of old passphrases.
>>
>> Anthony
>>
>> On Wednesday, December 16, 2015 at 10:27:22 AM UTC-5, Gary Cowell wrote:
>>>
>>> Hello
>>>
>>> I want to encrypt fields in the database, because of reasons. I've been 
>>> through the arguments, but there we have it.
>>>
>>> I look at this web2py slice:
>>>
>>>
>>> http://www.web2pyslices.com/slice/show/2012/encrypt-information-into-the-database
>>>
>>> And it gives a good illustration of how to do it in model with a lambda. 
>>> BUT...
>>>
>>> It has a hard coded symmetric key, which I don't want.
>>>
>>> What I want to do is have a form which accepts a pass phrase.
>>>
>>> I will salt and hash this, to come up with a hash to use as the 
>>> symmetric key. I want to make this salty hash available to all subsequent 
>>> sessions and requests, but I do not want it going to session files or a 
>>> database.
>>>
>>> What would be the best way to do that?
>>>
>>> In this way, if the web2py is started up, no encrypted fields will be 
>>> served via REST, until someone uses the pass phrase form and puts in the 
>>> correct phrase (a canary column will be decrypted to check the valid key).
>>>
>>> Thus, we can avoid storing symmetric key either in code, or in config 
>>> files, environment variables etc.  But of course, requires intervention 
>>> from a human in the event of server/service restart. This is acceptable.
>>>
>>> Thanks for any help
>>>
>>
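The unlock flow discussed in this thread, as an added example that is not code from the thread or from web2py: a passphrase is salted and stretched into a key, checked against a stored canary, and kept only in process memory. Assumptions: a module-level dict stands in for `cache.ram`, PBKDF2 is used for the "salt and hash" step, and the canary is an HMAC tag rather than a decrypted column so the example needs only the standard library; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Process-local store standing in for web2py's cache.ram (assumption: one
# server process; the key lives only in this process's memory).
_RAM = {}

PBKDF2_ROUNDS = 200_000            # assumed work factor for this example
CANARY_PLAINTEXT = b"canary-v1"    # constructed known value


class Locked(Exception):
    """Raised when encrypted fields are requested before unlock."""


def derive_key(passphrase, salt):
    # Salted, stretched hash of the passphrase used as the symmetric key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)


def make_canary(passphrase):
    # Run once at setup: the salt and tag can be stored in the database;
    # neither the passphrase nor the derived key is stored.
    salt = os.urandom(16)
    tag = hmac.new(derive_key(passphrase, salt), CANARY_PLAINTEXT, hashlib.sha256).digest()
    return salt, tag


def unlock(passphrase, salt, tag):
    # Called by the passphrase form: keep the key in RAM only if it verifies.
    key = derive_key(passphrase, salt)
    expected = hmac.new(key, CANARY_PLAINTEXT, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    _RAM["field_key"] = key
    return True


def get_field_key():
    # Called by the field encrypt/decrypt code on every request.
    key = _RAM.get("field_key")
    if key is None:
        raise Locked("passphrase not entered since last restart")
    return key
```

Because the dict is per process, each worker process would need its own unlock, which is the single-server limit mentioned for `cache.ram` above.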
