Encrypted fields cannot be searched in the admin #19
Comments
You are right. It is impossible to search over encrypted values. And there is no workaround. Probably, the only way is to use some third-party solution, like haystack, to add a search index, using unencrypted data, but this approach could lead to security issues.
Hi, I think this is related to the object manager. When I tried MyModel.objects.get(email=user_email) it always says "matching query does not exist". I tried adding a method "get_prep_lookup" on BaseEncryptedField like this: def get_prep_lookup(self, lookup_type, value): This isn't working because the method "get_db_prep_value" is appending a random value from string.printable, which isn't reversible. I changed this line into something reversible and everything worked as expected. Hope this will be fixed. Thanks
What did you use to replace the random value?
I changed "random.choice(string.printable)" into "string.printable[index:index + 1] or 0". This way the get_prep_lookup will be able to recreate the encrypted value. I don't know if this would weaken the security. I'm sorry, I think this didn't solve the admin search, but it did solve the "get" method of the object manager. I don't know why the search was working and now it's not.
Aha, I was searching using exact match. So if I search using a part or phrase it can't find any match.
That makes sense, because part of the phrase can't be the same as the whole phrase after encoding.
Probably it is best to close this issue, if there is no complete solution.
Yeah, this doesn't solve the MyModel.objects.filter method either :(
Opening this pre-emptively. I'm not sure why but my immediate assumption is because it uses an SQL query to do the search which compares a plaintext vs an encrypted value. Not sure how one would get around this...
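Added example, not part of the issue thread or the project's code: a sketch of why an equality lookup against a column encrypted with a random component finds nothing, next to a keyed "blind index" column (HMAC of the normalized plaintext) that supports exact-match lookups only. The table layout, the function names and the `toy_encrypt` stand-in cipher are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed demo keys. Assumption: real keys come from a secret store, and
# the index key is separate from the encryption key.
ENC_KEY = secrets.token_bytes(32)
IDX_KEY = secrets.token_bytes(32)


def toy_encrypt(plaintext: str) -> bytes:
    """Stand-in for the field's cipher (demo only, not for production use).
    A fresh random nonce makes two encryptions of the same value differ."""
    data = plaintext.encode()
    nonce = secrets.token_bytes(16)
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(ENC_KEY, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def blind_index(value: str) -> str:
    """Deterministic keyed digest of the normalized value (equality only)."""
    normalized = value.strip().lower().encode()
    return hmac.new(IDX_KEY, normalized, hashlib.sha256).hexdigest()


def build_db(emails):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (id INTEGER PRIMARY KEY,"
               " email_ct BLOB, email_idx TEXT)")
    db.execute("CREATE INDEX person_email_idx ON person (email_idx)")
    for email in emails:
        db.execute("INSERT INTO person (email_ct, email_idx) VALUES (?, ?)",
                   (toy_encrypt(email), blind_index(email)))
    return db


def find_by_ciphertext(db, email):
    # Re-encrypting the search term yields a new ciphertext, so nothing matches.
    query = "SELECT id FROM person WHERE email_ct = ?"
    return db.execute(query, (toy_encrypt(email),)).fetchall()


def find_by_index(db, email):
    # The search term is hashed with the same key and compared to the index.
    query = "SELECT id FROM person WHERE email_idx = ?"
    return db.execute(query, (blind_index(email),)).fetchall()
```

The index column reveals which rows hold the same value, which the ciphertext column alone does not. Searching for part of a phrase still finds nothing, because the digest of a substring is unrelated to the digest of the whole value.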