Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By shanavas on
is there any way to encrypt the data stored on database in Drupal5
Comments
What are you trying to do?
I don't believe that there is a "built-in" method of managing raw content, which is what any encrypted content would be. There are several strategies that could be used to make this happen, but none of these is universal. The standard security/encryption questions apply here: What data are you trying to protect? From whom? For how long?
For example, one could write a content filter that automatically encrypts & decrypts certain data. The data would be encrypted in the database, but displayed in clear text on the web page. Then, a role-access system could be used to decide who gets to see the decrypted data, and who sees "[redacted]" or similar text.
The problem (or the good thing!) with this scenario is that all of the encryption & decryption happens on the server. You may not trust your server if it's in a shared environment, so you may prefer to have the decryption happen client-side. This means Javascript or AJAX code to do the decryption, and each user will have to remember a password or key.
You could even combine the two tactics by performing a crypto operation on a stored key using a user-supplied key. But this idea raises the concern that the real key may need to flow over the Internet, which presents different risks.
So, with those ideas tossed out for discussion, what were you trying to do?
security features
am just checking the security features available in drupal . the following example meet my requirement but how ?
For example, one could write a content filter that automatically encrypts & decrypts certain data. The data would be encrypted in the database, but displayed in clear text on the web page.
And i have another scenario that is the following thing describes. When a member of my site creates a content
1. Content is displayed according to the three levels of privacy:
b. Private: Content is only shown to the owner of that content.
c. Friends Only: Content is shown to the owner and the friends of that owner.
d. Public: Content is shown to everyone including all members and anonymous users.
i am planning to create a community site. will u please help me how to achieve this
Think Access Control, not Encryption
Based on your description, it seems that you're not concerned about the theft of data out of your database, but instead simply making sure that the only the right users see the nodes. This is a job for an access control tool, not encryption.
A quick search of available modules brings up the Private Nodes module, which requires the Buddylist module to get what you need. Other probably useful modules are Buddy API and Buddylist UI
My description of a crypto content filter was intended as an example. No such module exists today, probably because of the questions I raised in the description. You could write it (or get someone to write it for you), but you'd have to decide which of the operating modes I described fits your needs best, and as I've said, I don't think encryption is necessarily what you're looking for.
I hope this helps.
Database Hacking
Thanks a lot
The information is useful . surely i will check whether it meet my goal .
if there is a hack Occur against the database so i need to store the data in an encrypted format.
So what i am thinking is one way to achieve this by tweaking the code in node module (for eg while creating the node i can pass the content of a node after encryption into the insert query) or another way i am thinking right a separate module and by using hook_nodeapi implement the same thing. Is i am thinking the right way ?
how can i extent user profile with additional fields is there any built in module available?
In invite your friends and colleagues when i try to invite a friend through email.i am not getting any email. But i checked the smtp settings and i tried a test mail but its working . whats the wrong i did? plz help me
Thanks for the
Thanks for the information..
I am interested in a way to safeguard that data from the custodian of the DB server in case of a shared/hosted environment. The security requirement of confidentiality is preventing us from utilizing the exceptional value being provided by so many hosting providers out there... The fact is that due to their subject matter expertise, they are able to provide a much better QoS in the exceptionally lower cost as compared to what we are doing in-house..
I cannot really think of any thing better than having encryption/decryption on the client side using javascript/Ajax as mentioned by dfaulkner. What is the feasibility of such functionality? Any other efficient ideas?
Regards,
-Nabil.
you have share such nice
you have share such nice information with us