带有数据表的Laravel:搜索加密的数据 [英] Laravel with datatables: searching encrypted data
问题描述
在使用Laravel的数据表时遇到了一个很大的问题.我有一个具有3个值的模型,该3个值由setter/getter自动加密(使用Crypt).
I have encountered a great issue while using Laravel's datatables. I have a model that has 3 values automatically encrypted (using Crypt) by setter/getter.
我正在使用数据表来渲染表:
I am using datatables to render a table by doing so:
return datatables()->of(Patient::query())
->addColumn('name_surname', function($row){
return $row->name.' '.$row->surname;
})
->make(true);
有3种方法可以将模型传递给数据表:
There is 3 ways to pass a model to datatable:
- 通过查询(患者:: query())
- 按集合(Patient :: all())
- 通过DB Facade
第三个不解密数据.查询是超快速的,但不允许搜索数据收集可用于所有内容,但速度极慢.(5-7秒/表抽奖).我也尝试过对其进行缓存,但是这并没有给我带来任何帮助
The third doesnt decrypt data. The query is ultrafast but doesnt allow searching through data Collection allows on everything but it's ultra slow. (5-7 seconds / table draw). I also tried caching it but it didnt bring any help to this to my suprise
如何在不影响性能下降的情况下搜索加密数据?
How can I possibly search through encrypted data without causing performance to drop so low?
顺便说一句.这就是Trait im用于setter加密和getter解密
Btw. That's the Trait im using for setter encryption and getter decryption
public function getAttribute($key)
{
$value = parent::getAttribute($key);
if (in_array($key, $this->encryptable)) {
$value = Crypt::decrypt($value);
} return $value;
}
public function setAttribute($key, $value)
{
if (in_array($key, $this->encryptable)) {
$value = Crypt::encrypt($value);
}
return parent::setAttribute($key, $value);
}
推荐答案
更新(2019-06-02):有一个实现此目的的独立库,称为CipherSweet .此外,正在开发Laravel适配器 .
Update (2019-06-02): There's a standalone library that implements this, called CipherSweet. Additionally, a Laravel adapter is in the works.
This has been answered in a blog post titled (appropriately), Building Searchable Encrypted Databases with PHP and SQL. You can expand upon its contents by asking yourself the following questions:
- 我加密的数据有多敏感?
- 如果人们的生命受到威胁,可能会受到严重影响:使用KDF作为盲指标.
- 不太好:将HMAC用于盲索引.
- 从未发生冲突:使用完整的KDF/HMAC输出.
- 冲突好:截断(节省存储空间),用作Bloom过滤器.
回答完这些问题后,将确保您的加密提供密文完整性(例如,libsodium的 crypto_secretbox()
每条消息随机随机数),并且将使用具有不同密钥的HMAC/PBKDF2可以生成明文的盲索引,以与密文(即单独的列)一起存储.
Once you have these questions answered, you're going to make sure your encryption provides ciphertext integrity (e.g. libsodium's crypto_secretbox()
with a random nonce per message), and you're going to use HMAC/PBKDF2 with a different key to generate a blind index of the plaintext to store alongside the ciphertext (i.e. separate column).
代替查询密文,只需重建盲索引,然后解密结果即可.这为您提供了快速,可靠的搜索操作,同时仍提供了语义安全的数据加密.
Instead of querying for the ciphertext, just rebuild the blind index then decrypt the results. This gives you a fast, reliable search operation while still offering semantically-secure data encryption.
这篇关于带有数据表的Laravel:搜索加密的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!