[Django]-Strategies for Encryption with Django + Postgres?

2👍

✅

What are you protecting against? If an attacker got access to your DB/filesystem, he would find out how you decrypt data & keys. Hiding your encryption key is not an easy task (and rarely implemented in “usual” applications).

I would spend more time on protecting the server and fixing all general security issues.

👤BarsMonster

5👍

You can also check django-pgcrypto: https://github.com/dcwatson/django-pgcrypto

5👍

I agree that first you need to consider your overall security model and which threat avenues might pose the most risk, a la this article:

https://security.stackexchange.com/questions/16939/is-it-generally-a-bad-idea-to-encrypt-database-fields

but also take a look at these for encrypted fields in Django:

encrypted fields: https://github.com/svetlyak40wt/django-fields

more encrypted fields:

https://github.com/defrex/django-encrypted-fields,
https://github.com/django-extensions/django-extensions

👤Dave Parizek

1👍

If you decide to do the encryption on your web app side and you are using Django for your app, you can take a look at django-extensions, especially EncryptedCharField and EncryptedTextField. -> https://github.com/django-extensions/django-extensions/blob/master/docs/field_extensions.rst
