I would like to anonymize some DB-tables on the fly to ensure that no one - 
not even me as administrator - can perform joins between tables signed with 
auth.user_id and tables signed with anonym_user_id but the logged in user 
himself. At the same time I would like to be able to perform joins within 
the tables signed with anonym_user_id like this:

select a.*, b.*
from table1 a, table2 b
where a.anonym_user_id = b.anonym_user_id

even if the user is not logged in. This means the system has to assign on 
login the same anonym.user_id to the user, otherwise I couldn't perform 
joins using it as a key.

My idea is to extend the auth_user table with two fields (user_salt, 
user_prefix) generated on registration and filled with a UUID. On login the 
user would get assigned a hash like this:

session.anonym_user_id = 

If I understand the hashing process correctly than the following:

>>> a = 
>>> CRYPT(digest_alg='pbkdf2(1000,20,sha512)',key='my_secret_key',salt='user_salt')('user_prefix'+'user_password')[0]
== a
>>> False

guarantees a proper anonymization. Or do I miss something?

My question is: do I introduce any security back doors when I save the 
above anonym_user_id, user_salt, user_prefix and the 
original auth_user.password in the same DB but in different tables? Can 
someone crack the user passwords because of this?

- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to