Comments (6)
What are the risks of altering a site's database schema?
- When migrating or deploying content from, say, development to production, if the schemas aren't identical, there will be problems.
- When a field is selected to be encrypted and there is existing data, that data would need to be copied to a temporary field, the database altered, then the data copied back to the new column, with encryption happening along the way.
To me, this method of storage is just fraught with too many potential problems. It would be better to copy a field's table and modify thatโso, for instance, the structure for "node__body" would be copied to "node__body__encrypted" and then altered to accommodate encrypted data. Within Drupal, the Body field would then need to retrieve its data from the new db table.
from field_encrypt.
If we end up using a new table to store encrypted data, we will of course need to do the same for the field's revision table. So the structure for "node_revision__body" would be copied to "node_revision__body__encrypted" and altered.
from field_encrypt.
Talked on IRC with @nerdstein about this.
He mentioned a consideration made by him and @rlhawk is to use a content entity for storing the encrypted values.
It would be a content entity with reference fields to property, field, entity, entity id - and an encrypted value of type text.
I'm investigating this option. This is what I found so far:
- If we'd be able to set the "custom_storage" flag on the FieldStorageConfig to TRUE, no database tables will be created for this field.
- Through hook_entity_storage_load() we could find out which fields have the field_encrypt third_party_settings, and thus are encrypted fields. At this point we could load the encrypted value for this field (stored in the separate content entity or wherever would be appropriate), and set the field properties to their unencrypted values.
However, this will probably cause problems when some field properties should be encrypted (e.g. "value") and others shouldn't (e.g. "format"). In that case the custom_storage flag won't store the unencrypted values, from what I can tell...
Also, this approach currently makes Views throw SqlContentEntityStorageException's all over the place on my test install.
I'm not confident this is a solid approach, so other ideas or brainstorming are certainly welcome.
from field_encrypt.
Extra clarification on the desired approach of @nerdstein:
The idea would be to leave the entity as intact as possible.
Upon saving the entity, field properties to be encrypted should then be stored with a NULL / empty value - or maybe not stored at all (via setCustomStorage(TRUE)).
Upon loading the entity, field properties would be populated with the unencrypted values, loaded and unencrypted from a ContentEntity (e.g. EncryptedFieldValue) that had the encrypted value stored.
Upon deleting the entity, cleanup actions should be performed.
To check what (unwanted) consequences this approach might have (e.g. regarding Views, render caching, ...)
from field_encrypt.
TODO:
- add hook to change "[ENCRYPTED]" value to something else, based on the field type.
from field_encrypt.
The requested functionality from this issue has been implemented.
There are some follow-up issues still open, but we can discuss things over there.
Closing this one.
from field_encrypt.
Related Issues (20)
- Batch Process HOT 3
- Evaluate caching of decrypted data HOT 15
- add UninstallValidator HOT 5
- Write tests
- Investigate field updates through CMI HOT 3
- Fix TravisCI
- Fatal errors in \Drupal\field_encrypt\FieldEncryptProcessEntities::checkField() HOT 1
- Field Encrypt incompatible with Workbench Moderation HOT 11
- Fatal error: Cannot call abstract method Drupal\Core\Entity\FieldableEntityInterface::baseFieldDefinitions() in field_encrypt/src/Entity/EncryptedFieldValue.php HOT 9
- Provide alternatives to "[ENCRYPTED]" storage values for other field types. HOT 3
- Followup: add field deletion tests HOT 1
- Update README HOT 1
- Add a hook that allows you to select whether you want a field/entity to be encrypted as a per entity basis. (not per entity type) HOT 2
- Create plugin system for field types HOT 3
- Incompatibility with Panelizer HOT 2
- Workbench moderation + field encrypt + translations isn't working HOT 2
- Document module in readme HOT 1
- Integrate with Travis HOT 2
- Perform code review HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from field_encrypt.