Encrypting content stored in DB

[Rrrr7]

Hi,
I use aes encryption for user passwords and I wonder if there is a way to encrypt other fields from other tables like "zip code" for example.

Is this possible ?

[shannah]

You can implement fieldname__serialize() and fieldname__unserialize() methods in your delegate class where you encrypt and decrypt your data.

[Rrrr7]

[shannah]

fieldname__serialize() is called before saving data to the database to "serialize" it. You can perform encryption in this step.
fieldname__unserialize() is called just after loading data from the database to "unserialize" it. You can perform decryption in this step.

I don't have any examples of unserialize of the top of my head, but you can check out
http://xataface.com/wiki/Authenticating ... sers_table
and
http://xataface.com/wiki/Authenticating ... sers_Table
for examples of using serialize to encrypt columns with custom encryption algorithms.

Note that both of these examples use one-way encryption algorithms. If you want to be able to decrypt, you would need to use a 2-way algorithm.

-Steve

[Rrrr7]

[shannah]

[Rrrr7]

[shannah]

I see. It is probably best not to use the approach I described then. If I were you, I would create a custom action that just retrieves the decrypted password. Set the permissions to that users can only access this action to retrieve their own password. Then just use a mysql_query() with your aes_decrypt() call to retrieve this value manually.

Once you have an action that does this, you can add an AJAX call anywhere in the interface to obtain this password.

Or if you don't want to use AJAX, just create a normal HTML action that includes the decrypted password in its output.

-Steve

[Rrrr7]

[shannah]

[Rrrr7]

[Rrrr7]

I succeeded using the grafted field method !

Thank You !