|
|
|
Forum Newbie
Group: Forum Members
Last Login: 2008-06-15 10:39:00
Posts: 5,
Visits: 6
|
|
| Hi there, Is that possible to implement encrypted properties in class? What i mean is - We have a class like this one: class User { public string Name{ get{}; set{}; } } On object level property Name will be string, but on DB level it will be encripted with some symmetric Key. Each time I read/write User.Name property it will encrypted/decrypted automaticaly by ECO engine. Is that possible? Thanks
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: Yesterday @ 16:25:35
Posts: 137,
Visits: 411
|
|
Good question.
My opinion is - you have to do something with PMP. Try PMP sources.
Encrypt/Decrypt is the DB responsibility
Might be I am wrong.
Regards,
Alex
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: 2009-12-21 19:09:25
Posts: 111,
Visits: 839
|
|
Hi nikulin_andrey,
You could achieve that by creating a custom PersistenceMapper.
This can be done by adding a new item int the PMP.cs > PersistenceMapperSqlServer > SqlDataBaseConfig > PersistenceMappers witch is a collection. This is a collection of PersistenceMapperDefinition objects. Each object holds a Name and a Type for an specific persistence mapper.
You will notice that there is one to Strings, Integers, DateTimes, etc. You can add a EncryptedString for instance.
Than, go to %PROGRAMFILES%\CapableObjects\ECO\4.0\source\Persistence\DefaultAttributeMappers.cs and take a look / copy the StringAsVarChar Mapper.
After customizing the mapper, adding the .cs file to your project, adding an entry to the PersistenceMappers Collection of your persistence mapper component, all you will need is to go to the model and change the PMapper property of the attribute you intend to encrypt to the one you just created.
I hope that this will help you.
--
Pedro Brown
pedro@tectrilha.com.br
Tectrilha Software - Borland Learning Partner
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: Yesterday @ 16:25:35
Posts: 137,
Visits: 411
|
|
My colleague advised this:
1. Create crypt/decrypt dll
2. Add any methods to your class in ModelMaker. Generate code for this method
3. Write code to use your dll in this method. You can crypt/decrypt User.Name
4. ECO will save/load value
Something like this
Regards,
Alex
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: 2009-12-21 19:09:25
Posts: 111,
Visits: 839
|
|
| You can do that to. I haven't thought that, but you can simply mark your attribute as 'Has user Code' and the put the encryption/decryption code in the get{} set{} methods. Regards
--
Pedro Brown
pedro@tectrilha.com.br
Tectrilha Software - Borland Learning Partner
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 2008-06-15 10:39:00
Posts: 5,
Visits: 6
|
|
| Hi all, I have already found solution. Thanks to Pedro Brown for idea of custom percistance mapper. I think I made quite interisting thing. I have got a class with some data which should be secure and only user created it can see data. So I encrypt secure properties and use user password as key for TripleDES algorithm. In the same time I dont store password in DB. I store login and encrypted login in DB. When user login in app I use password to decrypt login from DB to compare with entered login. If they are the same - success login etc. Reason for that is nobody can access data except user saved it. Even developer and DB admin. But if you loose password you loose you data. Nice!
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: Yesterday @ 16:25:35
Posts: 137,
Visits: 411
|
|
Suggestion:
You can add private question/answer for users who forgot password
|
|
|
|
|
Supreme Being
Group: Forum Members
Last Login: 2009-12-21 19:09:25
Posts: 111,
Visits: 839
|
|
| What would happend if the user decides to change his password? Would you drill down your data and decrypt/re-encrypt all of it? I see that the custom persistence mapper idea is too much, but it seems to me that the encryption/decryption code in the get{} set{} methods using a fixed key would be better. Regards
--
Pedro Brown
pedro@tectrilha.com.br
Tectrilha Software - Borland Learning Partner
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 2008-06-15 10:39:00
Posts: 5,
Visits: 6
|
|
pedro_brown (2008-06-13)
What would happend if the user decides to change his password? Would you drill down your data and decrypt/re-encrypt all of it? Exactly. I see that the custom persistence mapper idea is too much, but it seems to me that the encryption/decryption code in the get{} set{} methods using a fixed key would be better. Regards This method will make it possible for developer\db admin\any person who knows the key decrypt data and use it\sell it. Right? In case with password as encryption key no one but user only can encrypt his data! This is main point of application - total secure data!
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 2008-06-15 10:39:00
Posts: 5,
Visits: 6
|
|
guest00 (2008-06-13)
Suggestion:
You can add private question/answer for users who forgot passwordIt is impossible in my case because password is not saved in DB and some of user data is encrypted using password as a key!
|
|