Field encryption feature

Wish to see a specific feature/change in future releases? Feel free to post it here, and if it gets enough "likes", we'd definitely include it in future releases!
Post Reply
frankg
Posts: 11
Joined: 2020-06-08 16:37

Field encryption feature

Post by frankg » 2022-11-28 21:09

It is frequent now to hear that unauthorized access to a database is at risk for very sensitive data, such as some specific fields in the databases. In those cases where a database is exposed by a hack that certain fields of the databases are encrypted.

I respectfully ask Appgini developers to incorporate a feature that by clicking on a field, it can be automatically encrypted in the database.
In this way, if a database is compromised in its security, hackers have access to encrypted data.

thanks

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: Field encryption feature

Post by jsetzer » 2022-11-28 23:57

I clearly understand the possible risk you are referring to.

If this is critical to you, why don't you just create protected fields by yourself by encrypting the plain text values in before insert and before update hook and by decrypting them in _dv hook or by using an ajax call, replacing then encrypted values by decrypted values in TABLENAME-dv.js?

Note: if someone can access your database, she/he may also be able to access the PHP code you are using for encryption/decryption.
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools

frankg
Posts: 11
Joined: 2020-06-08 16:37

Re: Field encryption feature

Post by frankg » 2022-12-01 16:11

Hello JsetZer

Thanks very much for your answer and also for the advice.
Have a nice day.
Sincerely.

Frank

peebee
AppGini Super Hero
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Field encryption feature

Post by peebee » 2022-12-02 00:50

I personally would love to see this feature suggestion. Optional encryption per field would be great.

AES_ENCRYPT() and AES_DECRYPT() with the ability to securely store the key/passphrase somewhere? Yes, it can be done now in the hooks before insert and before update functions but to have it built in would be a great feature.

Just my thoughts but data-at-rest encryption (of some sort) is now really a prerequisite rather than an option for storing any sensitive data.

Post Reply