Foren

Encrypted Expando Values

Nisarg Parikh, geändert vor 12 Jahren.

Encrypted Expando Values

Expert Beiträge: 262 Beitrittsdatum: 31.12.09 Neueste Beiträge
Hi All,

I have one organization and has few Custom Fields.
Values are stored in DB in ExpandoValue table.

Is there any way I can encrypt so that values cannot be manipulated?

Or any other way I can store some values for Organization that cannot be change by anyone but super admin?

Please help me in this.

Thank you in advance.

-Nisarg
thumbnail
David H Nebinger, geändert vor 12 Jahren.

RE: Encrypted Expando Values

Liferay Legend Beiträge: 14914 Beitrittsdatum: 02.09.06 Neueste Beiträge
No OOTB way to do this, but you can certainly override/extend LR to handle it (in fact that's what you'd have to do).

Your issue is going to be how to handle your encryption... For example, on the custom fields page it calls out to an API to get the value, and the API will pull it from the database. If you insert your encryption/decryption stuff between the API and the database, the page will have visibility on the decrypted value (but it is stored as encrypted in the database which is what many use cases require).

If you extend the normal API to add methods to handle the encryption/decryption, then the page would use the the normal API and not have visibility on the decrypted value, but you'd have extend the page itself to make the field uneditable to non-super-admins and to use the extended API when a super admin is using the page.

All of these things are doable, but you'll have to have a plan going in defining what you need and how you're going to tackle the issues.
Nisarg Parikh, geändert vor 12 Jahren.

RE: Encrypted Expando Values

Expert Beiträge: 262 Beitrittsdatum: 31.12.09 Neueste Beiträge
Thanks for your response.

David H Nebinger:

Your issue is going to be how to handle your encryption... For example, on the custom fields page it calls out to an API to get the value, and the API will pull it from the database. If you insert your encryption/decryption stuff between the API and the database, the page will have visibility on the decrypted value (but it is stored as encrypted in the database which is what many use cases require).



In this case how can I do achieve this? using Hook or using EXT plug in?
Can you please explain me approach how to achieve this technically?

Thank you.

-Nisarg