How to store sensitive information that needs to be shared across different users?
Problem description
I have to store some sensitive information in my database using Django.
I have a Client model and each client has a bunch of SocialAccounts (twitter, fb, etc) with a URL, client and password.
Considering ALL users that belong to the group "Administrator" should be able to see the passwords. What's a safe way to store those passwords in the database?
Recommended answer
So apparently django-extensions has two fields for this very purpose:
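- EncryptedCharField - CharField which transparently encrypts its value as it goes in and out of the database. Encryption is handled by Keyczar. To use this field you must have Keyczar installed, have generated a primary encryption key, and have settings.ENCRYPTED_FIELD_KEYS_DIR set to the full path of your keys directory.
- EncryptedTextField - CharField which transparently encrypts its value as it goes in and out of the database. Encryption is handled by Keyczar. To use this field you must have Keyczar installed, have generated a primary encryption key, and have settings.ENCRYPTED_FIELD_KEYS_DIR set to the full path of your keys directory.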
So basically I had to install (1) keyczar and its dependencies for python:
pip install https://keyczar.googlecode.com/files/python-keyczar-0.71c.tar.gz
pip install pycrypto
pip install pyasn1
(if you don't have it yet,... install django-extensions too.)
(2) create a directory where you will store your keys and create your keys:
mkdir keys
python path/to/keyczart.py create --location='keys' --purpose='crypt' --name='whatever_name'
python path/to/keyczart.py addkey --location='keys' --status='primary'
(3) Add the directory to your settings.py under ENCRYPTED_FIELD_KEYS_DIR.
and finally (4) add the EncryptedCharField or EncryptedTextField to your model:
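    from django.db import models
    from django.contrib.contenttypes import generic
    from django.contrib.contenttypes.models import ContentType
    from django_extensions.db.fields.encrypted import EncryptedCharField

    # SocialPlatformType is another model defined elsewhere in the project.
    class SocialAccount(models.Model):
        platform = models.ForeignKey(SocialPlatformType,
                                     related_name='platforms')
        url = models.URLField('Account url', unique=True,
                              null=True, blank=True)
        # Encrypted with the Keyczar key on save, decrypted on load.
        password = EncryptedCharField(null=True, blank=True, max_length=255)
        # Generic relation to the object that owns this account.
        content_type = models.ForeignKey(ContentType)
        object_id = models.PositiveIntegerField()
        content_object = generic.GenericForeignKey('content_type', 'object_id')

        def __unicode__(self):
            return self.url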
I hope somebody finds this useful.
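The encrypted column is only as protected as the key directory created in step (2) and referenced in step (3). The following check is an added example, not part of the original answer or of django-extensions; it assumes the usual Keyczar keyset layout (a `meta` JSON file plus one file per key version number), and `audit_keyset` is a hypothetical helper name.

```python
import json
import os
import stat


def audit_keyset(keys_dir):
    """Return a list of findings for a Keyczar keyset directory (empty = OK)."""
    meta_path = os.path.join(keys_dir, "meta")
    if not os.path.isfile(meta_path):
        return ["no 'meta' file: %s is not a Keyczar keyset" % keys_dir]
    with open(meta_path) as fh:
        meta = json.load(fh)

    findings = []
    # Assumption: --purpose='crypt' is recorded as DECRYPT_AND_ENCRYPT.
    if meta.get("purpose") != "DECRYPT_AND_ENCRYPT":
        findings.append("purpose is %r, not DECRYPT_AND_ENCRYPT"
                        % meta.get("purpose"))

    # 'addkey --status=primary' should leave exactly one PRIMARY version.
    versions = meta.get("versions", [])
    primaries = [v for v in versions if v.get("status") == "PRIMARY"]
    if len(primaries) != 1:
        findings.append("expected exactly 1 PRIMARY key, found %d"
                        % len(primaries))

    # Each key version lives in a file named after its version number.
    names = ["meta"] + [str(v.get("versionNumber")) for v in versions]
    for name in names:
        path = os.path.join(keys_dir, name)
        if not os.path.isfile(path):
            findings.append("key file missing: %s" % name)
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append("%s is accessible to group/other" % name)

    # The directory itself should be restricted to the application user.
    if stat.S_IMODE(os.stat(keys_dir).st_mode) & 0o077:
        findings.append("directory is accessible to group/other")
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "keys"
    for finding in audit_keyset(target):
        print("FINDING: " + finding)
```

Run it against the path stored in ENCRYPTED_FIELD_KEYS_DIR; an empty result means the keyset has one primary key and is readable only by its owner.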