Re: encrypted database

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 58681
interpreted = N
texte = You will need to double-url the encrypted values in your APPEND, and single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl on the values being appended, so with the double-url you are left with a single-url'ed value written to the database, which will avoid dangerous characters being written out. [append db=SomeDatabase.db]name=[url][url][encrypt seed=abcedfg][name][/encrypt][/url][/url]&...[/append] [founditems] [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]... [/founditems] As for searching, you'd be pretty screwed. You cannot even search with an EQ on seed-encrypted values, as the same seed applied to the same value may result in a different encrypted value. If you encrypt without a seed, you will get a consistent encrypted value but it cannot be decrypted (this lets you compare encrypted passwords, for example, but not retrieve their original decrypted value). I don't know of any way to hide the seed from someone with access to the source code. - brian On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote: > Hello! is it safe to encrypt every single data loaded in a WebDNA > database (that may become quite large, +40 meg with time) using > > [Append db=SomeDatabase.db]name=[Encrypt > seed=abcdefg][name][/Encrypt]&address=[Encrypt > seed=abcdefg][address][/Encrypt][/Append] > > and is WebDNA still able to do some searching in the encrypted > database ? what would be the proper way to search? > > > [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt > seed=abcdefg][name][/Encrypt]] > [FoundItems] > [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt > seed=abcdefg][Address][/Decrypt]
> [/FoundItems] > [/Search] > > also, how to hide the "seed" in the templates in case the disk is > stolen? (requested by the customer) > > Thank you! > chris ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: encrypted database ( Brian Fries 2004)
  2. Re: encrypted database ( Chris 2004)
  3. Re: encrypted database ( Brian Fries 2004)
  4. encrypted database ( Chris 2004)
  5. Re: Encrypted Databases (Tom Duke 2000)
  6. Re: Encrypted Databases (WebDNA Support 2000)
  7. Re: Encrypted Databases (Kenneth Grome 2000)
You will need to double-url the encrypted values in your APPEND, and single-unurl them in you FOUNDITEMS. WebDNA performs a single unurl on the values being appended, so with the double-url you are left with a single-url'ed value written to the database, which will avoid dangerous characters being written out. [append db=SomeDatabase.db]name=[url][url][encrypt seed=abcedfg][name][/encrypt][/url][/url]&...[/append] [founditems] [decrypt seed=abcdefg][unurl][name][/unurl][/decrypt]... [/founditems] As for searching, you'd be pretty screwed. You cannot even search with an EQ on seed-encrypted values, as the same seed applied to the same value may result in a different encrypted value. If you encrypt without a seed, you will get a consistent encrypted value but it cannot be decrypted (this lets you compare encrypted passwords, for example, but not retrieve their original decrypted value). I don't know of any way to hide the seed from someone with access to the source code. - brian On Jun 28, 2004, at 2:57 PM, Christophe Billiottet wrote: > Hello! is it safe to encrypt every single data loaded in a WebDNA > database (that may become quite large, +40 meg with time) using > > [Append db=SomeDatabase.db]name=[Encrypt > seed=abcdefg][name][/Encrypt]&address=[Encrypt > seed=abcdefg][address][/Encrypt][/Append] > > and is WebDNA still able to do some searching in the encrypted > database ? what would be the proper way to search? > > > [Search db=SomeDatabase.db&eqNAMEdata=[Encrypt > seed=abcdefg][name][/Encrypt]] > [founditems] > [Decrypt seed=abcdefg][Name][/Decrypt], [Decrypt > seed=abcdefg][Address][/Decrypt]
> [/FoundItems] > [/Search] > > also, how to hide the "seed" in the templates in case the disk is > stolen? (requested by the customer) > > Thank you! > chris ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Brian Fries

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Frames and WebCat (1997) WebCatalog for Postcards ? (1997) How many lookups does it take ... (2003) Shipcost lookup? (1997) Me know logical no need (2002) WebCat2 - [format thousands] (1997) [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (2011) Use of Back and Reload Buttons on ShoppingCart page? (1997) Purchase Plugin Missing (1996) WC2.0 Memory Requirements (1997) I'm new be kind (1997) cr/cr/lf under WebSite ($WebCat.exe) confirmed (2000) Webcatalog, Webstar and Crasharama (1999) ShippingCosts (1998) Showing once on a founditems (1997) Attn: Bug in GeneralStore example b15 (1997) WebDNA 5.1 is now available! (2003) Prevent Caching js Files (2003) Permissions Ignored - PLEASE HELP (2003) shipCost not working v2.1b4 (1997)