Field encryption feature

[frankg]

It is frequent now to hear that unauthorized access to a database is at risk for very sensitive data, such as some specific fields in the databases. In those cases where a database is exposed by a hack that certain fields of the databases are encrypted.

I respectfully ask Appgini developers to incorporate a feature that by clicking on a field, it can be automatically encrypted in the database.
In this way, if a database is compromised in its security, hackers have access to encrypted data.

thanks

[jsetzer]

I clearly understand the possible risk you are referring to.

If this is critical to you, why don't you just create protected fields by yourself by encrypting the plain text values in before insert and before update hook and by decrypting them in _dv hook or by using an ajax call, replacing then encrypted values by decrypted values in TABLENAME-dv.js?

Note: if someone can access your database, she/he may also be able to access the PHP code you are using for encryption/decryption.

[frankg]

Hello JsetZer

Thanks very much for your answer and also for the advice.
Have a nice day.
Sincerely.

Frank

[peebee]

I personally would love to see this feature suggestion. Optional encryption per field would be great.

AES_ENCRYPT() and AES_DECRYPT() with the ability to securely store the key/passphrase somewhere? Yes, it can be done now in the hooks before insert and before update functions but to have it built in would be a great feature.

Just my thoughts but data-at-rest encryption (of some sort) is now really a prerequisite rather than an option for storing any sensitive data.