Just doing some work want was wanting to gauge the likely hood of a patch being accepted which changes the object cache so that it will optionally encrypt the contents on disk.

I was thinking of changing the following functions like so

function ctools_object_cache_set($obj, $name, $cache, $enc_key = NULL)
function ctools_object_cache_get($obj, $name, $skip_cache = FALSE, $enc_key)

So when it is writing the object to the database it will encrypt and decrypt the data blob.

I was actually thinking that I could use the form_build_id as the encryption key which I think should be pretty safe since it is a completely random key and is generally only stored in the current form.

I was thinking of use mcrypt_encrypt() and mcrypt_decrypt() to do these and add in a check so that it would only do it if the mcrypt extension is loaded.

Comments

merlinofchaos’s picture

merlinofchaos commented

I'm not against this, but can you give me a use-case?

davea’s picture

davea commented

The use-case would be the storing of payment information for the short amount of time between form submission and payment processing. The encryption would ensure that the database would not contain cardholder data in clear text.

japerry’s picture

japerry
Location KOMK
commented
Issue summary: View changes
Status: Active » Closed (outdated)

Closing this issue as outdated as Drupal 6 ctools is not supported. If this issue is relevant for Drupal 7, feel free to re-open and mark for Drupal 7 (or 8)