Skip to content
This repository has been archived by the owner on Jul 16, 2021. It is now read-only.

Allow wrapping job data serialization #1007

Open
francislavoie opened this issue Feb 16, 2018 · 4 comments
Open

Allow wrapping job data serialization #1007

francislavoie opened this issue Feb 16, 2018 · 4 comments

Comments

@francislavoie
Copy link

  • Laravel Version: 5.5-5.6
  • PHP Version: 7.2
  • Database Driver & Version: Redis

Description:

See:
https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/Queue.php#L128
https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/Queue.php#L175
https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/CallQueuedHandler.php#L42
https://github.com/laravel/framework/blob/5.6/src/Illuminate/Queue/CallQueuedHandler.php#L146

Because my Redis instances are hosted on less-secure servers than my application boxes, I need to be able to encrypt all the sensitive data that might be put into Redis. Currently there's no clear or easy way to extend this functionality transparently. I want to be able to plug in my own transformations at these points so I can control the data.

Any suggestions for doing this that I'm missing, or am I basically forced to fork Illuminate\Queue to do this?
@sisve
Copy link

sisve commented Feb 16, 2018

There was once builtin functionality to, somewhat, encrypt the payload in the queue. That's why there's still a protected $encrypter; in the Queue class. This functionality has since been removed for unknown reasons.

Send a PR that adds encryption in an opt-in kind of way. It would probably just be done at the bottom of the createPayload method.

@francislavoie
Copy link
Author

So that's the thing, I'd rather the implementation be more general than using Encrypter because I'm not using the built-in encryption, I'm using an HSM which has a different contract.

Thanks for pointing that out though, I might do that... but that might take too long for the PR to get into a build I can use (I rather stick with 5.5 because it's LTS) 🤷‍♂️

@francislavoie
Copy link
Author

Huh, did a quick blame, and it seems that $encrypter was only ever used to encrypt closure jobs... that's weird. https://github.com/laravel/framework/blob/a32f8dadf2b36b3ee7549e0166d14cd465e89896/src/Illuminate/Queue/Queue.php#L157

@francislavoie
Copy link
Author

I just realized something after doing some more digging on serialization in PHP. Apparently classes can implement the Serializable interface to override how serialization works for a particular model. I think that means I can add a trait to my jobs/events that will have them be encrypted/decrypted before serialization/deserialization. I'll try it out and report back on this issue. I think this could be something added to the queue documentation to note for anyone else who wants to protect their job data

@francislavoie francislavoie mentioned this issue Mar 19, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sisve @francislavoie