For encrypting/decrypting DB columns, we also use a validator:
Ex:
db.define_table('table',
Field('name', 'text'),
Field('host', 'text', requires =
SecureValidator(symmetrickey)),
Field('secret', 'text', requires =
SecureValidator(symmetrickey))
)
Where SecureValidator is similar to:
class SecureValidator:
''' Encrypts and decrypts data to database
'''
def __init__(self, phrase, error_message="Error"):
self.phrase = phrase
self.e = error_message
def __call__(self, value):
# Encrypt Data here
val = encrypt_string(value, phrase=self.phrase) # Encrypt string
method
return (val, None)
def formatter(self, value):
val,err = decrypt_string(value, self.phrase) # Decrypt data
if err:
# Log Error: ('Error occured when decrypting data')
return 'Error: %s' % err
else:
return val
-- Richard
On Wednesday, April 11, 2012 12:35:05 PM UTC-5, naveed wrote:
>
> Thanks Massimo for getting back. I can’t use an encrypted file system
> as when the file system is mounted, it’s totally open. Every file can be
> encrypted with the same master password. I’m thinking of storing this
> master password which is itself encrypted using the user’s password (or
> it’s hash) in the auth_user table.
>
> On a related note, I am planning to encrypt some columns of other tables
> using the same master password. Your thoughts on this approach?
>
>
> *From:* Massimo Di Pierro <[email protected]>
> *Sent:* Wednesday, April 11, 2012 12.13
> *To:* [email protected]
> *Subject:* [web2py] Re: web2py: encrypt uploaded files
>
> What are the specs? Can you store them in an encrypted file system? can
> you encrypt them with the same password? Should every file be encrypted
> with a different password? Where should the passwords be stored?
>
> On Wednesday, 11 April 2012 11:54:24 UTC-5, naveed wrote:
>>
>> I need to encrypt uploaded files in web2py (for a HIPAA compliant
>> application) preferably with AES. How can I accomplish this?
>>
>
