Reputation: 163
A client wants to ensure that I cannot read sensitive data from their site, which will still be administered by me. In practice, this means that I'll have database access, but it can't be possible for me to read the contents of certain Model Fields. Is there any way to make the data inaccessible to me, but still decrypted by the server to be browsed by the client?
Upvotes: 7
Views: 6075
Reputation: 61
Some other issues to consider are that the web application will then not be able to sort or easily query on the encrypted fields. It would be helpful to know what administrative functions the client wants you to have. Another approach would be to have a separate app / access channel that does not show the critical data but still allows you to perform your admin functions only.
Upvotes: 0
Reputation: 666
This is possible with public key encryption. I have done something similar before in PHP but the idea is the same for a Django app:
All data on this website was stored encrypted using a private key held by the system software. The corresponding public key to decrypt the data was held by the client in a text file.
When the client wanted to access their data, they pasted the public key into an authorisation form (holding the key in the session) which unlocked the data.
When done, they deauthorised their session.
This protected the information against authorised access to the web app (so safe against weak username/passwords) and also from leaks at the database level.
This is still not completely secure: if you have root access to the machine you can capture the key as it is uploaded, or inspect the session information. The cure for that could be to run the reading software on the client's machine and access the database through an API.
I realise this is an old question but I thought I'd clarify that it is indeed possible.
Upvotes: 5
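The scheme in the answer above, worked through as an added example (my code, not the answerer's PHP and not a Django API). It assumes a client-generated RSA key pair: the server keeps only the public key and can therefore write a field but never read it back, and the private key exists on the server only while the client's session is "authorised". Values are wrapped with a per-value AES-256-GCM key so any field length works, and the field name is bound into both layers so a ciphertext cannot be moved between columns. The field name `card_number`, the `Envelope` layout and the `ClientSession` type are illustrative assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the database column holds for one protected value.
// Nothing in it can be opened with the public key the server keeps.
type Envelope struct {
	WrappedKey []byte // per-value AES-256 key, RSA-OAEP-encrypted to the client's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// SealField is the write path. It runs on the server, which holds only the
// client's public key, so an administrator with database and server access
// can store new values but cannot read them back.
func SealField(pub *rsa.PublicKey, fieldName string, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The field name is authenticated as GCM additional data and used as the
	// OAEP label, so a value copied from one column cannot be opened as another.
	label := []byte(fieldName)
	ciphertext := gcm.Seal(nil, nonce, plaintext, label)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, label)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// OpenField is the read path. It needs the private key, which only the client
// has and which is present on the server only inside an authorised session.
func OpenField(priv *rsa.PrivateKey, fieldName string, env *Envelope) ([]byte, error) {
	label := []byte(fieldName)
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, label)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, label)
}

// ClientSession models the "paste the key into an authorisation form" step:
// the private key is held in memory only between Authorise and Deauthorise.
type ClientSession struct {
	priv *rsa.PrivateKey
}

func (s *ClientSession) Authorise(priv *rsa.PrivateKey) { s.priv = priv }

func (s *ClientSession) Deauthorise() { s.priv = nil }

func (s *ClientSession) ReadField(fieldName string, env *Envelope) ([]byte, error) {
	if s.priv == nil {
		return nil, errors.New("session not authorised: no private key loaded")
	}
	return OpenField(s.priv, fieldName, env)
}

func main() {
	// Constructed demo: in practice the client generates this pair offline and
	// hands the server only the public half.
	clientKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := SealField(&clientKey.PublicKey, "card_number", []byte("4111 1111 1111 1111"))
	if err != nil {
		panic(err)
	}
	session := &ClientSession{}
	if _, err := session.ReadField("card_number", env); err != nil {
		fmt.Println("before authorisation:", err)
	}
	session.Authorise(clientKey)
	value, err := session.ReadField("card_number", env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("after authorisation: %s\n", value)
	session.Deauthorise()
}
```

The caveat in the answer still holds: while the session is authorised the private key is in server memory, so root on the box can take it; `Deauthorise` only drops the reference and does not scrub the key material from memory.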
Reputation: 13354
You and your client could agree on them being obscured. A simple XOR operation or something similar will make the values unreadable in the admin, and they can be decoded just when they are needed on the site.
This way you can safely administer the site without "accidentally" reading something.
Make sure your client understands that it is technically possible for you to get the actual contents but that it would require active effort.
Upvotes: 0
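To make the "active effort" in the answer above concrete, here is an added example (mine, not the answerer's) of the repeating-key XOR obscuring it describes, together with the one-step key recovery: a single stored row whose plaintext the administrator already knows, such as a test record they created themselves, yields the key, and that key decodes every other row. The key `s3kr1t` and the sample values are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
)

// Obscure XORs value with a repeating key. Applying it again with the same key decodes.
func Obscure(key, value []byte) []byte {
	out := make([]byte, len(value))
	for i := range value {
		out[i] = value[i] ^ key[i%len(key)]
	}
	return out
}

// RecoverKey derives the key from one stored value whose plaintext is known.
// With a repeating key, plaintext XOR stored gives the key stream, so the first
// keyLen bytes of that stream are the key itself.
func RecoverKey(knownPlain, stored []byte, keyLen int) ([]byte, error) {
	if keyLen <= 0 || len(knownPlain) != len(stored) || len(stored) < keyLen {
		return nil, errors.New("need a known plaintext at least as long as the key")
	}
	key := make([]byte, keyLen)
	for i := 0; i < keyLen; i++ {
		key[i] = knownPlain[i] ^ stored[i]
	}
	return key, nil
}

func main() {
	key := []byte("s3kr1t") // constructed: what the site would hold in its settings

	// Two rows as they would sit in the database.
	adminTest := []byte("admin test record")   // plaintext the admin knows
	clientSecret := []byte("client secret value") // plaintext the admin should not read
	storedTest := Obscure(key, adminTest)
	storedSecret := Obscure(key, clientSecret)

	recovered, err := RecoverKey(adminTest, storedTest, len(key))
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered key: %q\n", recovered)
	fmt.Printf("other row decoded: %q\n", Obscure(recovered, storedSecret))
}
```

The key length is guessable too (repeating patterns in the stored bytes show the period), so even the one assumption made here, knowing `len(key)`, does not stand in the way for long.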
Reputation: 15019
No, it's not possible to have data that is simultaneously in a form you can't decrypt and in a form where you can decrypt it to show it to the client. The best you can do is a reversible encryption on the content, so at least if your server is compromised their data is safe.
Upvotes: 5