> Unfortunately, that doesn't prevent theft at runtime, which is the primary > case for encrypting "documents". I used to do something like this with svn > passwords, using a file-backed mdconfig store and geli. > But during runtime, Django has access to the unencrypted database (otherwise it wouldn't be able to work). So any attacker who has managed to compromise Django will have access to the database. Could you describe a use case where the encryption would actually prevent someone from reading the database?
Antonis Christofides http://djangodeployment.com On 2017-05-08 17:19, Melvyn Sopacua wrote: > > On Saturday 06 May 2017 11:56:28 Tim Chase wrote: > > > On 2017-05-05 11:51, agajesh...@atompower.com wrote: > > > > I want to encrypt my sqlite3 database such that it cannot be > > > > accessed without a key. I came across "sqlcipher" tool which > > > > provides encryption for sqlite3 database, but I couldn't find > > > > enough support to make it work from django. > > > > > > > > It would be very helpful if someone can share thoughts on how to > > > > encrypt sqlite3 database and be able to access the encrypted > > > > version through django. > > > > > > While there are other ideas presented in other replies to your email, > > > would it suffice to have an encrypted partition and put your database > > > on that partition? I configure my FreeBSD servers to be ZFS-on-GELI so > > > in the event the power goes out or the machine is rebooted, the > > > contents are unavailable until I enter the password on the console. > > > > Unfortunately, that doesn't prevent theft at runtime, which is the primary > case for encrypting "documents". I used to do something like this with svn > passwords, using a file-backed mdconfig store and geli. > > -- > > Melvyn Sopacua > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com > <mailto:django-users+unsubscr...@googlegroups.com>. > To post to this group, send email to django-users@googlegroups.com > <mailto:django-users@googlegroups.com>. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/3670040.JhOgCCftKx%40devstation > <https://groups.google.com/d/msgid/django-users/3670040.JhOgCCftKx%40devstation?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/914eb0b2-988d-bbcd-cc2c-8822d7fdfa5e%40djangodeployment.com. For more options, visit https://groups.google.com/d/optout.
