Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypted Django Model Fields

A client wants to ensure that I cannot read sensitive data from their site, which will still be administered by me. In practice, this means that I'll have database access, but it can't be possible for me to read the contents of certain Model Fields. Is there any way to make the data inaccessible to me, but still decrypted by the server to be browsed by the client?

like image 715
OwenK Avatar asked Aug 30 '09 04:08

OwenK


People also ask

How to encrypt database in Django?

To encrypt your data using django_cryptography, all you need to do is import encrypt from django_cryptography. fields and use it directly on each field where it is required. In app/models.py put the code given below. Then, add the code given below to app/admin.py to display your models on your admin page.

How do I encrypt text in Django?

Encrypt Password: To encrypt a password in Django, we use the built-in function make_password. This method turns a plain text password into a hash that can be stored in a database.

What encryption does Django use?

By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it's quite secure, requiring massive amounts of computing time to break.


1 Answers

This is possible with public key encryption. I have done something similar before in PHP but the idea is the same for a Django app:

All data on this website was stored encrypted using a private key held by the system software. The corresponding public key to decrypt the data was held by the client in a text file.

When the client wanted to access their data, they pasted the public key into an authorisation form (holding the key in the session) which unlocked the data.

When done, they deauthorised their session.

This protected the information against authorised access to the web app (so safe against weak username/passwords) and also from leaks at the database level.

This is still not completely secure: if you have root access to the machine you can capture the key as it is uploaded, or inspect the session information. For that the cure could be to run the reading software on the client's machine and access the database through an API.

I realise this is an old question but I thought I'd clarify that it is indeed possible.

like image 105
nOw2 Avatar answered Nov 14 '22 18:11

nOw2