Re: encrypted database

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 58681
interpreted = N
texte = You will need to double-url the encrypted values in your APPEND, and single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl on the values being appended, so with the double-url you are left with a single-url'ed value written to the database, which will avoid dangerous characters being written out. [append db=SomeDatabase.db]name=[url][url][encrypt seed=abcedfg][name][/encrypt][/url][/url]&...[/append] [founditems] [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]... [/founditems] As for searching, you'd be pretty screwed. You cannot even search with an EQ on seed-encrypted values, as the same seed applied to the same value may result in a different encrypted value. If you encrypt without a seed, you will get a consistent encrypted value but it cannot be decrypted (this lets you compare encrypted passwords, for example, but not retrieve their original decrypted value). I don't know of any way to hide the seed from someone with access to the source code. - brian On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote: > Hello! is it safe to encrypt every single data loaded in a WebDNA > database (that may become quite large, +40 meg with time) using > > [Append db=SomeDatabase.db]name=[Encrypt > seed=abcdefg][name][/Encrypt]&address=[Encrypt > seed=abcdefg][address][/Encrypt][/Append] > > and is WebDNA still able to do some searching in the encrypted > database ? what would be the proper way to search? > > > [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt > seed=abcdefg][name][/Encrypt]] > [FoundItems] > [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt > seed=abcdefg][Address][/Decrypt]
> [/FoundItems] > [/Search] > > also, how to hide the "seed" in the templates in case the disk is > stolen? (requested by the customer) > > Thank you! > chris ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypted database ( Brian Fries 2004)
  2. Re: encrypted database ( Chris 2004)
  3. Re: encrypted database ( Brian Fries 2004)
  4. encrypted database ( Chris 2004)
  5. Re: Encrypted Databases (Tom Duke 2000)
  6. Re: Encrypted Databases (WebDNA Support 2000)
  7. Re: Encrypted Databases (Kenneth Grome 2000)
You will need to double-url the encrypted values in your APPEND, and single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl on the values being appended, so with the double-url you are left with a single-url'ed value written to the database, which will avoid dangerous characters being written out. [append db=SomeDatabase.db]name=[url][url][encrypt seed=abcedfg][name][/encrypt][/url][/url]&...[/append] [founditems] [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]... [/founditems] As for searching, you'd be pretty screwed. You cannot even search with an EQ on seed-encrypted values, as the same seed applied to the same value may result in a different encrypted value. If you encrypt without a seed, you will get a consistent encrypted value but it cannot be decrypted (this lets you compare encrypted passwords, for example, but not retrieve their original decrypted value). I don't know of any way to hide the seed from someone with access to the source code. - brian On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote: > Hello! is it safe to encrypt every single data loaded in a WebDNA > database (that may become quite large, +40 meg with time) using > > [Append db=SomeDatabase.db]name=[Encrypt > seed=abcdefg][name][/Encrypt]&address=[Encrypt > seed=abcdefg][address][/Encrypt][/Append] > > and is WebDNA still able to do some searching in the encrypted > database ? what would be the proper way to search? > > > [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt > seed=abcdefg][name][/Encrypt]] > [founditems] > [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt > seed=abcdefg][Address][/Decrypt]
> [/FoundItems] > [/Search] > > also, how to hide the "seed" in the templates in case the disk is > stolen? (requested by the customer) > > Thank you! > chris ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Where is f2? (1997) WebCat hosting providers? (1997) Secure Server (1997) sku, title, price not showing up (1998) Need help, multiple shipping options (2000) [WebDNA] WebDNA glitch, no response required ... (2009) [WebDNA] Need Help Installing on Linux (2014) Re:2nd WebCatalog2 Feature Request (1996) locking variables? (2000) SendMail - Idea (2000) upgrade? (1997) Is the Finder required? (1998) Advanced WebCat Guidelines - do they exist beyond docs (1999) RE: type 2 errors with ssl server (1997) Re(2): Re(4): Small Bug: ErrorLog.txt/[FORMVARIABLES]/[ORDERFILE] (1998) WebCat2: Items xx to xx shown, etc. (1997) [shell] (2002) How fast is your server? (2002) emailer setup (1997) [WebDNA] WebDNA FastCGI (2012)