加密&解密RavenDB中的索引字段
我的应用程序要求我们需要加密索引字段。目前,加密/解密是在应用程序级别处理的。我希望将加密过程从应用程序层移开,这样我就不必手动加密模型或查询中的数据。
我想用属性来装饰模型以确定该字段是否应该加密。我正在考虑使用 IDocumentConversionListener 来处理文档之间的转换。这是处理这个问题的最佳地点吗?如果是这样,如何仅加密/解密复杂模型中具有属性的字段?以下是具有两个需要加密的字段的模型示例。
public class User
{
public string Id { get; set; }
[EncryptAttribute]
public string Name { get; set; }
public Contact PhoneNumber { get; set; }
public class Contact
{
public string Type { get; set; }
[EncryptAttribute]
public string Value { get; set; }
}
}
public class SecureFieldListener : IDocumentConversionListener
{
public void EntityToDocument(object entity, RavenJObject document, RavenJObject metadata)
{
}
public void DocumentToEntity(object entity, RavenJObject document, RavenJObject metadata)
{
}
}
My application has a requirement that we need to encrypt index fields. Right now the encryption/decryption is handled at the application level. I want to move the encryption process away from the application layer so I don’t have to manually encrypt data in model or in the query.
I want to decorate the model with attributes to determine if the field should be encrypted or not. I was looking at using IDocumentConversionListener to handle the conversion to and from a document. Is this the best place to handle this? If so, how do I encrypt/decrypt only the fields with attributes in a complex model? Below is an example of the model with two fields that need to be encrypted.
public class User
{
public string Id { get; set; }
[EncryptAttribute]
public string Name { get; set; }
public Contact PhoneNumber { get; set; }
public class Contact
{
public string Type { get; set; }
[EncryptAttribute]
public string Value { get; set; }
}
}
public class SecureFieldListener : IDocumentConversionListener
{
public void EntityToDocument(object entity, RavenJObject document, RavenJObject metadata)
{
}
public void DocumentToEntity(object entity, RavenJObject document, RavenJObject metadata)
{
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
至于如何存储加密文档,请看这里:http://daniellang.net/document -level-encryption-in-ravendb/
在高级别(lucene 之上)加密索引有很多严重的问题,我很确定你不想这样做。范围查询不起作用,排序会被破坏,全文搜索不可能等。
请注意,默认情况下,raven 将字段存储在 lucene 中,而不使用字段存储。这意味着,虽然您可以在查询中使用它们,但实际上无法将它们的值作为搜索结果检索回来。然而,我知道在非常安全的环境中这可能还不够,因为尽管有可能以某种方式提取它们。
因此,如果您确实需要如此高的安全性,我建议您选择以下选项之一:
As for how to store documents encrypted, look here: http://daniellang.net/document-level-encryption-in-ravendb/
Encrypting the indexes at a high level (above lucene) has a lot of severe problems and I'm pretty sure that you don't want to do that. Range queries wouldn't work, ordering would be broken, full-text search impossible, etc.
Please note that by default, raven stores fields inside lucene without field storage. That means, while you can use them in queries, you can't actually retrieve their value back as a search result. However, I understand that in very secure environments this might not be sufficient, as it could be possible to extract them somehow though.
So if you really need such high security, I suggest you go for one of the following option: