No, it'd be one pass phrase for the whole thing. Like a vault key. There'd be another page for entering two of them so you can change the phrase, decrypt, encrypt pass the whole thing.
cache.ram sounds a possibility, I'll look into that, I recall some discussions a while back that this wasn't suitable in all cases (apache?)

On Wednesday, 16 December 2015 15:35:52 UTC, Anthony wrote:
>
> Is there a passphrase per user, or just one for the whole app (perhaps
> entered by an admin user)? In either case, I suppose you could use
> cache.ram, but if there is a passphrase per user, you would need a unique
> key for each user (e.g., the user ID), and you would also need to do some
> occasional cleanup of old passphrases.
>
> Anthony
>
> On Wednesday, December 16, 2015 at 10:27:22 AM UTC-5, Gary Cowell wrote:
>>
>> Hello
>>
>> I want to encrypt fields in the database, because of reasons. I've been
>> through the arguments, but there we have it.
>>
>> I look at this web2py slice:
>>
>> http://www.web2pyslices.com/slice/show/2012/encrypt-information-into-the-database
>>
>> And it gives a good illustration of how to do it in model with a lambda.
>> BUT...
>>
>> It has a hard coded symmetric key, which I don't want.
>>
>> What I want to do is have a form which accepts a pass phrase.
>>
>> I will salt and hash this, to come up with a hash to use as the symmetric
>> key. I want to make this salty hash available to all subsequent sessions
>> and requests, but I do not want it going to session files or a database.
>>
>> What would be the best way to do that?
>>
>> In this way, if the web2py is started up, no encrypted fields will be
>> served via REST, until someone uses the pass phrase form and puts in the
>> correct phrase (a canary column will be decrypted to check the valid key).
>>
>> Thus, we can avoid storing symmetric key either in code, or in config
>> files, environment variables etc. But of course, requires intervention
>> from a human in the event of server/service restart. This is acceptable.
>>
>> Thanks for any help
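An added example, not part of the thread and not web2py's own code: one way to build the unlock flow described in the original question, with the key held only in process memory. Assumptions: PBKDF2 from the Python standard library serves as the "salt and hash" step, an HMAC check value stands in for the decrypted canary column (the standard library has no cipher), and a module-level dict stands in for cache.ram, which is likewise per process, so every worker process would need unlocking. All names and constants are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200000   # assumed work factor; tune for your hardware
_vault = {}              # process memory only; stands in for cache.ram


def _subkeys(passphrase, salt):
    """Stretch the passphrase, then split it into independent subkeys."""
    master = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, PBKDF2_ROUNDS)
    enc_key = hmac.new(master, b"field-encryption", hashlib.sha256).digest()
    check = hmac.new(master, b"canary", hashlib.sha256).digest()
    return enc_key, check


def make_canary(passphrase):
    """Run once at setup. Salt and check value may be stored in the database;
    the check value is derived separately, so it does not reveal enc_key."""
    salt = os.urandom(16)
    _, check = _subkeys(passphrase, salt)
    return salt, check


def unlock(passphrase, salt, stored_check):
    """Passphrase form handler: keep the key only if the canary matches."""
    enc_key, check = _subkeys(passphrase, salt)
    if not hmac.compare_digest(check, stored_check):
        return False
    _vault["key"] = enc_key
    return True


def get_key():
    """Used by the field encrypt/decrypt code. None means still locked,
    e.g. after a restart, so encrypted fields must not be served."""
    return _vault.get("key")


def lock():
    """Forget the key, for example before changing the passphrase."""
    _vault.pop("key", None)


if __name__ == "__main__":
    salt, check = make_canary("correct horse battery staple")  # constructed
    print("locked at start:", get_key() is None)
    print("wrong phrase accepted:", unlock("wrong phrase", salt, check))
    print("right phrase accepted:",
          unlock("correct horse battery staple", salt, check))
```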