Make some informations confidential
Hello to all,
I am the administrator of a database that processes information, some of which is confidential, including to me. These are text or rich text comments. I would like to be able to protect these comments so that even the administrator (me or someone else) can't see them. In other words, that only the author of the comments and people of his choice can access them.
Do you have any idea how to do this?
Not really. As the administrator, by definition, you can always override any sort of security measures. You can use the “Allowed to read” setting for a field to only show the field based on a users “Access Rights” setting for certain groups of users. Alternatively, every time a text or comments field is updated you could record the user id in a hidden field and then add a script to the comment fields “Display field only if” to only display it if the current user matches the hidden field value and the hidden field value is not null. Clearly, if you do this only the same user would be able to make any changes to the data already in that field as it wouldn’t appear for anyone else.
Jacques TUR , you got 3 ways to go about this
- play with users & roles / show / hide of fields.... won't do the job as all this sensitive data is actually accessible in clear through API, and you're the owner of the API
- second approach is through some native scripting within ninox. I think the Ninext module you've built will help you out in making something really nice. you could call the native ninox function ninoxCore.util.AESEncrypt passing in the data you'd want to encrpyt, and a password. It's a simple AES 256 / PBE implementation that just works. There is a similar function which allows you to decrypt. BUT ! this assumes your users would need to enter a password somewhere everytime they open the app... Not sure it's the ideal way to go about it. Also you'l need to handle both sensitive & shared data (like patient data). In that case you'd need to implement a master encryption key and encrypt it several times with the password of every user in your database. bon courage ! c'est du boulot !
Here is an example for illustration
ninoxCore.util.AESEncrypt("donnée sensible","monsupermotdepasse") U2FsdGVkX19rai74K+xc2IwRMvbbSEDzQt4GktvlKiX13inZlUBldkPhoDdkz9Z9 ninoxCore.util.AESDecrypt("U2FsdGVkX19rai74K+xc2IwRMvbbSEDzQt4GktvlKiX13inZlUBldkPhoDdkz9Z9","monsupermotdepasse") donnée sensible
- third option is to use tokenization. one option would be https://www.lunasec.io. Never tested it before but i think it's totally feasible. Besides it's open source, so you're still within your GDPR perimeter if you host it on site