Secure storage for kDBItem class [5.3.0-B1]

The "kDBItem" class is used to persist information about various entities to the database. In some cases, for security reasons, the information to be stored needs to be encrypted. The caveats are that:

  • not all stored data needs to be encrypted
  • the way of encrypting (e.g. which encryption key to use) can differ from object to object

Solution

  1. add a "secure_storage" option to the field definition in the unit config
  2. add the following methods (for now they will just return $field_value as-is) to the kDBItem class:
    • ->encrypt($field_name, $field_value)
    • ->decrypt($field_name, $field_value)
  3. create a "kDBItem::getSecureFields" method that returns the list of fields that have the "secure_storage" flag in their definition
  4. add the "kDBItem::initSecureStorage" method, which will be called once in the methods mentioned below to initialize the encryption system when the object contains secure fields
  5. in the "kDBItem::Create" and "kDBItem::Update" methods, call the "encrypt" method on the $field_value variable when the field is secure (based on the "kDBItem::getSecureFields" method call)
  6. in the "kDBItem::Load" and "kDBItem::LoadFromHash" methods, call the "decrypt" method on all secure fields (based on the "kDBItem::getSecureFields" method call) right after the values are obtained from the database/hash

This way, when needed, secure storage can be implemented in minutes by connecting the preferred encryption library to the project.
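
The six steps above, sketched as an added example (not In-Portal code). `SecureItemSketch`, `applySecureStorage`, the `ApiToken` field and the key generated per instance are assumptions; libsodium's XChaCha20-Poly1305 stands in for the "preferred encryption library". Assumes PHP 7.4+ with the sodium extension.

```php
<?php
class SecureItemSketch // hypothetical stand-in for the flow, not the real kDBItem
{
    const NONCE = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    protected $fields = array( // constructed unit-config field definitions
        'Login' => array('type' => 'string'),
        'ApiToken' => array('type' => 'string', 'secure_storage' => true),
    );
    protected $key = null; // set once by initSecureStorage()
    public function getSecureFields()
    {
        return array_keys(array_filter($this->fields, fn($def) => !empty($def['secure_storage'])));
    }
    protected function initSecureStorage() // assumption: a real key comes from config or a key store
    {
        if ($this->key === null && $this->getSecureFields()) {
            $this->key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
        }
    }
    protected function encrypt($field_name, $field_value)
    {
        $nonce = random_bytes(self::NONCE); // fresh nonce on every write
        // The field name is bound as associated data: a value copied into another column fails.
        return base64_encode($nonce . sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
            (string)$field_value, $field_name, $nonce, $this->key));
    }
    protected function decrypt($field_name, $field_value)
    {
        $raw = (string)base64_decode($field_value, true);
        $plain = strlen($raw) > self::NONCE ? sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
            substr($raw, self::NONCE), $field_name, substr($raw, 0, self::NONCE), $this->key) : false;
        if ($plain === false) { throw new RuntimeException("Cannot decrypt secure field $field_name"); }
        return $plain;
    }
    // $encrypt = true is the Create/Update path, false the Load/LoadFromHash path.
    public function applySecureStorage(array $values, $encrypt)
    {
        $this->initSecureStorage();
        $op = $encrypt ? 'encrypt' : 'decrypt';
        foreach ($this->getSecureFields() as $name) {
            if (isset($values[$name])) {
                $values[$name] = $this->$op($name, $values[$name]);
            }
        }
        return $values;
    }
}
$item = new SecureItemSketch();
$stored = $item->applySecureStorage(array('Login' => 'alice', 'ApiToken' => 'constructed-token'), true);
var_dump($stored['Login'], $stored['ApiToken'] !== 'constructed-token', $item->applySecureStorage($stored, false)['ApiToken']);
```

Because every write uses a random nonce, equal plaintexts produce different stored values, which is why such fields cannot be searched or sorted in the database.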

P.S.

I specifically haven't mentioned grids in there because secure fields:

  • should not be shown just like that
  • can't be searched/sorted even if we decrypt the value for display purposes
