0

Make some informations confidential

Hello to all,


I am the administrator of a database that processes information, some of which is confidential, including to me. These are text or rich text comments. I would like to be able to protect these comments so that even the administrator (me or someone else) can't see them. In other words, that only the author of the comments and people of his choice can access them.

Do you have any idea how to do this?

13 replies

null
    • Paul_Chappell
    • 2 yrs ago
    • Reported - view

    Not really. As the administrator, by definition,  you can always override any sort of security measures. You can use the “Allowed to read” setting for a field to only show the field based on a users “Access Rights” setting for certain groups of users. Alternatively, every time a text or comments field is updated you could record the user id in a hidden field and then add a script to the comment fields “Display field only if” to only display it if the current user matches the hidden field value and the hidden field value is not null. Clearly, if you do this only the same user would be able to make any changes to the data already in that field as it wouldn’t appear for anyone else.

      • Ninox developper
      • Jacques_TUR
      • 2 yrs ago
      • Reported - view

      Paul Chappell Thank you very much Paul for these proposals which I could use for other applications. 
      For my current need, it is necessary that even the administrator can not see the data. Like for example with a password that only the user knows to make the information visible.


      Have any of you ever had to deal with this issue?

      • Paul_Chappell
      • 2 yrs ago
      • Reported - view

      Jacques TUR It is certainly possible to hide sensitive fields in a different hidden table record and protect them by various measures, such as needing a user password. However, as you will be the one implementing any password restrictions clearly you could always bypass your own restrictions.

      • Paul_Chappell
      • 2 yrs ago
      • Reported - view

      Jacques TUR Actually, I have another thought. It would be possible to create 2 functions to encrypt and decrypt a text field based on a password. You would need 3 fields. Two memory only fields - one for a password and one for a text field as well as the main table data text field which would be hidden. The user would enter their original text as well as the password and the encrypt function would store the results in the main field which no-one would see. If the main field was not empty the password would use the decrypt function to reverse the process and re display the original text field. That would work nicely. You just need to design 2 functions to do the encryption/decryption. And, of course, hope the user doesn’t forget the password!

    • John_Halls
    • 2 yrs ago
    • Reported - view

    How about using PGP (Pretty Good Privacy) somehow? If anyone can, you can Jacques TUR

    • MODA
    • 2 yrs ago
    • Reported - view

    Jacques TUR , you got 3 ways to go about this

    1. play with users & roles / show / hide of fields.... won't do the job as all this sensitive data is actually accessible in clear through API, and you're the owner of the API
    2. second approach is through some native scripting within ninox. I think the Ninext module you've built will help you out in making something really nice. you could call  the native ninox function ninoxCore.util.AESEncrypt passing in the data you'd want to encrpyt, and a password. It's a simple AES 256 / PBE implementation that just works. There is a similar function which allows you to decrypt. BUT ! this assumes your users would need to enter a password somewhere everytime they open the app... Not sure it's the ideal way to go about it. Also you'l need to handle both sensitive & shared data (like patient data). In that case you'd need to implement a master encryption key and encrypt it several times with the password of every user in your database. bon courage ! c'est du boulot !

      Here is an example for illustration
    3. ninoxCore.util.AESEncrypt("donnée sensible","monsupermotdepasse")
U2FsdGVkX19rai74K+xc2IwRMvbbSEDzQt4GktvlKiX13inZlUBldkPhoDdkz9Z9

ninoxCore.util.AESDecrypt("U2FsdGVkX19rai74K+xc2IwRMvbbSEDzQt4GktvlKiX13inZlUBldkPhoDdkz9Z9","monsupermotdepasse")
donnée sensible
    4. third option is to use tokenization. one option would be https://www.lunasec.io. Never tested it before but i think it's totally feasible. Besides it's open source, so you're still within your GDPR perimeter if you host it on site
    • Ninox developper
    • Jacques_TUR
    • 2 yrs ago
    • Reported - view

    Thank you all for your valuable responses.

    As MODA explains, I need to find a solution for data that is encrypted by a person who wants to share it with other people of his choice without having to share his password.

    I will try to make a solution with all this and I will tell you how I did it.

      • MODA
      • 2 yrs ago
      • Reported - view

      Jacques TUR public key cryptography was designed for this. you encrypt data for a person using his/her public key, and only him/her with the corresponding private key can decrypt the data. You do public key cryptography in your every day activity by simply hitting httpS. The S which initiates the SSL/TLS handshake which does a few things silently : download the public key of the site you're visiting, verifying it's authenticity (CN = FQDN of the site), generating a symmetric session AES encryption key that only your navigator knows, wrapping (encrypting) that key with the public key of the site and sending it back to the site. Only the site has the private key corresponding to his public key, so only the site can unwrap the secret you've sent him. Once the site unwraps the secret he can communicate with you through that key and you see the 🔒 lock in the browser.

      you could eventually go that line for your problematic. BUT you'll still need to secure the private keys of the recipient users. The analogy of this is your credit cards. The SIM contains your private key which can't be exported and is protected by your PIN. You'll need to handle that pin code somehow.

      Have a look at www.hashicorp.com which allows you to tokenize sensitive data and has behind the scene the wrapping mechanism & the public key cryptography layer (so you only deal with APIs). It's also open source.

      Best !

    • John_Halls
    • 2 yrs ago
    • Reported - view

    With your skills I think you could build yourself an XOR Cypher. https://en.wikipedia.org/wiki/XOR_cipher

      • Ninox developper
      • Jacques_TUR
      • 2 yrs ago
      • Reported - view

      John Halls Thanks John. Of course encryption is part of the problem, but I prefer to use something that already exists (I'm lazy 😂). The other big question is how to share the password between users without the administrator seeing it.

      • Paul_Chappell
      • 2 yrs ago
      • Reported - view

      Jacques TUR The password will never be stored. It would need to be known by the users and entered manually each time they log in to the database, maybe on a special login form. First to encrypt the data and then to unencrypt when the data need to be seen. How they share the password is down to them. Carrier pigeon? 😀

      • Paul_Chappell
      • 2 yrs ago
      • Reported - view

      John Halls XOR is a great idea. Something I learned about 40 years ago. Well worth investigating how Ninox could handle this.

      • John_Halls
      • 2 yrs ago
      • Reported - view

      Paul Chappell Thanks. I only learned about this a few days ago. I found the simple concept fascinating!

Login to reply

Content aside

  • 2 yrs agoLast active
  • 13Replies
  • 349Views
  • 4 Following