Django Model Encrypted Fields

The client wants to make sure that I cannot read confidential data from my site, which will still be managed by me. In practice, this means that I will have access to the database, but I will not be able to read the contents of certain fields of the model. Is there a way to make the data inaccessible to me, but still decrypted by the server for viewing by the client?

+4
6 answers

No, it is impossible to obtain data that is in a form that you cannot decrypt and in a form where you can decrypt it in order to display it to the client at the same time. The best you can do is reversibly encrypt the content, so at least if your server is hacked, their data is safe.

+4

This is possible with public key encryption. I did something similar before in PHP, but the idea for a Django application is the same:

All data on this website was stored in encrypted form using the private key stored in the system software. The corresponding public key for decrypting the data was stored by the client in a text file.

When the client wanted to access their data, they inserted the public key into the authorization form (holding the key in the session), which unlocked the data.

When this was over, they canceled their session authorization.

This protected the information from authorized access to the web application (so safe for weak users / passwords), as well as from database-level leaks.

This is not yet completely secure: if you have root access to the computer, you can grab the key as it is downloaded or view session information. To do this, you could run the reading software on the client machine and access the database through the API.

I understand that this is an old question, but I thought that I would clarify that this is really possible.

+5

Take a look at Django-fields

+2

You may find Django Encrypted Fields useful.

+1

You and your client can agree that they are shaded. A simple XOR operation or something similar will make the values unreadable in the admin, and they can be decoded just at the time they are needed on the site.

Thus, you can safely administer the site without "accidental" reading.

Make sure your client understands that it is technically possible to get the actual content, but this will require a lot of effort.

0

Some other issues to consider are that the web application will not be able to sort or easily query on encrypted fields. It would be useful to know what administrative functions the client wants to get from you. Another approach would be to have a separate application / access channel that does not display critical data, but still allows you to perform only your administrator functions.

0