The "kDBItem" class is used to persist information about various entities to the database. In some cases, for security reasons, the information to be stored needs to be encrypted. The caveats are, that:
- not all of stored data needs to be encrypted
- encryption way can be different (e.g. what encryption key to use) from object to object
Solution
- add "secure_storage" option to field definition in unit config
- add following methods (for now will just return $field_value as-as) to kDBItem class:
- ->encrypt($field_name, $field_value)
- ->decrypt($field_name, $field_value)
- create "kDBItem::getSecureFields" method, that would return list of fields, that have "secure_storage" flag in their definition
- add the "kDBItem::initSecureStorage" method, that will be called once in below mentioned methods to initialize encryption system for cases, that object contains secure fields
- in the "kDBItem::Create" and "kDBItem::Update" method call the "encrypt" method on the $field_value variable, when field is secure (based on "kDBItem::getSecureFields" method call)
- in the "kDBItem::Load" and "kDBItem::LoadFromHash" methods call "decrypt" method on all secure fields (based on "kDBItem::getSecureFields" method call) right after we got values from database/hash
This way, when needed a secure storage can be implemented in minutes by connecting preferred encryption library to the project.