I would like to anonymize some DB-tables on the fly to ensure that no one -
not even me as administrator - can perform joins between tables signed with
auth.user_id and tables signed with anonym_user_id but the logged in user
himself. At the same time I would like to be able to perform joins within
the tables signed with anonym_user_id like this:
select a.*, b.*
from table1 a, table2 b
where a.anonym_user_id = b.anonym_user_id
even if the user is not logged in. This means the system has to assign on
login the same anonym.user_id to the user, otherwise I couldn't perform
joins using it as a key.
My idea is to extend the auth_user table with two fields (user_salt,
user_prefix) generated on registration and filled with a UUID. On login the
user would get assigned a hash like this:
session.anonym_user_id = str(CRYPT(digest_alg='pbkdf2(1000,20,sha512)',key='my_secret_key',salt='user_salt')('user_prefix'+'user_password')[0])
If I understand the hashing process correctly, then the following:
>>> a = str(CRYPT(digest_alg='pbkdf2(1000,20,sha512)',salt=True)('user_password')[0])
>>> CRYPT(digest_alg='pbkdf2(1000,20,sha512)',key='my_secret_key',salt='user_salt')('user_prefix'+'user_password')[0] == a
False
guarantees a proper anonymization. Or am I missing something?
My question is: do I introduce any security back doors when I save the
above anonym_user_id, user_salt, user_prefix and the
original auth_user.password in the same DB but in different tables? Can
someone crack the user passwords because of this?
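
Added example, not part of the original post and not web2py code: a standard-library model of the scheme described above, showing which inputs the derived anonym_user_id depends on and when it stays stable. It uses hashlib.pbkdf2_hmac with the post's pbkdf2(1000,20,sha512) parameters; the HMAC step that mixes in the server key, the function names and all sample values are assumptions of this example, and how CRYPT itself treats `key` is not reproduced here.

```python
import hashlib
import hmac
import uuid

ITERATIONS, DKLEN = 1000, 20  # the pbkdf2(1000,20,sha512) parameters from the post


def derive_anonym_user_id(server_key: bytes, user_salt: str, user_prefix: str, password: str) -> str:
    """Hypothetical stand-in for the post's CRYPT call.

    PBKDF2-HMAC-SHA512 over prefix+password with the per-user salt, then an
    HMAC with the server-side key (assumed keying step), so the id also
    depends on a value that is not stored in the database.
    """
    dk = hashlib.pbkdf2_hmac("sha512", (user_prefix + password).encode(),
                             user_salt.encode(), ITERATIONS, DKLEN)
    return hmac.new(server_key, dk, hashlib.sha512).hexdigest()[:40]


def stored_password_hash(password: str, salt: str) -> str:
    """Hypothetical stand-in for auth_user.password: PBKDF2 with its own random salt."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ITERATIONS, DKLEN).hex()


def demo() -> dict:
    # Constructed sample values; nothing here comes from a real system.
    key = b"my_secret_key"
    row = {"user_salt": str(uuid.uuid4()), "user_prefix": str(uuid.uuid4()), "pw_salt": uuid.uuid4().hex}
    pw_hash = stored_password_hash("correct horse", row["pw_salt"])
    first = derive_anonym_user_id(key, row["user_salt"], row["user_prefix"], "correct horse")
    second = derive_anonym_user_id(key, row["user_salt"], row["user_prefix"], "correct horse")
    # Same stored row, but the user has changed the password or the key was rotated.
    after_change = derive_anonym_user_id(key, row["user_salt"], row["user_prefix"], "new passphrase")
    other_key = derive_anonym_user_id(b"rotated_key", row["user_salt"], row["user_prefix"], "correct horse")
    return {
        "stable_across_logins": first == second,          # joins on the id keep working
        "differs_from_password_hash": first != pw_hash,   # the comparison made in the post
        "survives_password_change": first == after_change,
        "survives_key_rotation": first == other_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Since the id is a function of the password, rows keyed by anonym_user_id have to be re-keyed during a password change, while the old password is still available to recompute the old id.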