Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Field with encrypt_key display field value in __repr__ and log as default #108

Open
franckbret opened this issue Jul 22, 2019 · 2 comments
Open
Assignees
Milestone

Comments

@franckbret
Copy link
Contributor

@franckbret franckbret commented Jul 22, 2019

When a field has an encrypt_key, its value is unreadable without the key used for encryption on the database table.
On other side, it is readable in the context of the application (in code or interpreter).
By the way I'm not sure its good pratice to return the non encrypted value into object representation, especially because its what's logged into log files.

Not sure if it's a bug as that behavior can be bypassed easily adding convenient repr and/or str to a model.

What do you think ?

If we consider that its developer responsability to deal with the repr of the model, I'm okay with that and I can write a section into documentation.

@jssuzanne jssuzanne self-assigned this Jul 23, 2019
@jssuzanne jssuzanne added this to the 1.0.0 milestone Jul 23, 2019
@petrus-v

This comment has been minimized.

Copy link
Contributor

@petrus-v petrus-v commented Jul 24, 2019

Some through:

  • if an hacker can access somehow to some memory spaces I would argue to save the encrypted value as long is possible ! know if the decrypted key is in memory as well that not a lot of benefit.
  • does this field could be used with a key given to somelse, I mean an other service could receive encrypted data ? I don't think this is the use case or we would not use that field ?
  • also according the context, I guess some time a lazy decrypt would be perfect for performance raison, some times we want to uncrypt all data queried before use them.

So, my 2cts, I guess the best world would be an option to let the dev choose using a lazy decript or not !

@franckbret

This comment has been minimized.

Copy link
Contributor Author

@franckbret franckbret commented Aug 1, 2019

@petrus-v Yep, there can be so many use case, but for all case encryption is not the only way for security. Generally speaking it can protect data in case of stolen database only.

For you second point I don't know... I guess yes but never tried.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.