« lsqlite3 / lsqlcrypt3 | Main | I'm A MySQL Warning »

05 December 2004

ZSQLcryptDA

[Software]  [SQLcrypt] 

From PySQLcrypt, it is a small step to ZSQLcryptDA, an SQLcrypt database adaptor for Zope.

ZSQLcryptDA

The screenshot shows ZSQLcryptDA accessing the 'customerdb' database created by PySQLcrypt's crypt_dbapi_txns.py demo program.

I've updated the PySQLcrypt demo download to include ZSQLcryptDA. Install the Python module 'sqlcrypt', then copy or move the ZSQLcryptDA/ directory into your Zope product directory and restart Zope. Again, note that this distribution is a commercial demo: It works, but the underlying SQLcrypt engine also stores the passphrase at the beginning of the database file.

SQLcrypt derives its cipher key from the passphrase. Because of passphrase salting, there is an asymmetry in SQLcrypt's operation: when an encrypted database is first created, one specifies the "encrypt" operation which causes a salt to be generated; subsequently, one specifies the "decrypt" operation, which causes SQLcrypt to read the salt from the database.

For ZSQLcryptDA, at present, this means that encrypted databases should be created - set up tables, triggers and whatnot - "out-of-band" and then placed in <zope-instance>/var/sqlcrypt/. When creating a Zope database connection through Zope's TTW interface, the passphrase supplied is used in "decrypt" mode.

ZSQLcryptDA is based on Hagime Nakagami's ZSQLiteDA.


Posted by ngps at 02:01 | Comments (0) | Trackbacks (0)
Comments
There is no comment.
Trackbacks
Please send trackback to:http://sandbox.rulemaker.net/ngps/171/tbping
There is no trackback.