From: Patrick Barnes
To: user@couchdb.apache.org
Date: Tue, 29 Mar 2011 10:41:55 +1100
Subject: Re: Question about validator functions and replication
Message-ID: <4D911CC3.4040203@gmail.com>
References: <4D8BCD50.8080003@gmail.com> <4D8DDF4B.8010108@gmail.com>

On 29/03/2011 2:38 AM, Nebu Pookins wrote:
>> If you have some secure data floating around in your db, encryption can
>> still be a good idea. Parts of one of my databases are encrypted, because
>> users need to be able to see some documents in the db but not others.
> I'm curious as to how you've implemented encryption in your DB. Was it
> pure JavaScript, or did you use native libraries? Elsewhere in this
> thread, I've started a new "branch" where I've started outlining my
> concerns with a pure JavaScript solution and wondered if cryptography
> could be included as a core feature of CouchDB.

I'm using couchdb as a database, not to serve up pages directly to users.
As a consequence, a 'user' is a web application, and multiple applications
have differing levels of access to the database.

Each application is allowed to store its own 'application data' documents,
and I override two methods in my document class to allow transparent
decryption/encryption of those docs when read/written. (see below)

The reason I implemented encryption is that there's no per-doc read access
control in couchdb, so without encryption, I'm not able to prevent
applications from accessing another application's document. It's not as
good a solution as proper access control.

-Patrick

    /**
     * Given an object, load all its attributes into the document,
     * displacing existing attributes.
     * If the data field is encrypted, attempts to decrypt it.
     * @param stdClass $obj An object with the desired attributes.
     * @throws InvalidArgumentException if the object is not an appdata document.
     * @throws LogicException if decryption is not configured or fails.
     **/
    public function loadFromObject(stdClass $obj)
    {
        parent::loadFromObject($obj);
        if ($this->doc_type != 'appdata') {
            throw new InvalidArgumentException("Wrong object type - Cgm_Appdata is for appdata only");
        }

        // Does the data section need to be decrypted?
        if (isset($this->encrypted) && $this->encrypted == true) {
            // Check that decryption info is stored for the owning application
            $conf = Cgm_Document_Gateway::getAppConfig($this->source);
            if (!$conf->decrypt) {
                throw new LogicException("Cannot load document - no decryption is configured, and the document is encrypted.");
            }

            // Decrypt and decode the data. trim() removes any trailing
            // padding bytes from the cipher output before the JSON is parsed.
            $decryptor = new Zend_Filter_Decrypt($conf->decrypt);
            $raw = base64_decode($this->data);
            $plain_json = trim($decryptor->filter($raw));
            $plain = json_decode($plain_json);
            // With the wrong key the output is not valid JSON, so json_decode returns null.
            if ($plain === null) {
                throw new LogicException("Cannot load document - decryption configuration is incorrect.");
            }

            // Store the plain data within the object, in the same way as a non-encrypted object.
            $this->data = $plain;
            unset($this->encrypted);
        }
    }

    /**
     * Export to an object.
     * If encryption is configured, attempts to encrypt the data field.
     * @return stdClass $obj
     */
    public function exportToObject()
    {
        $obj = parent::exportToObject();

        // Should the data section be encrypted?
        $conf = Cgm_Document_Gateway::getAppConfig($this->source);
        if ($conf->encrypt) {
            $encryptor = new Zend_Filter_Encrypt($conf->encrypt);
            $cryptdata = base64_encode($encryptor->filter(Zend_Json::encode($obj->data)));
            $obj->data = $cryptdata;
            $obj->encrypted = true;
        } elseif (isset($obj->encrypted)) {
            // Was it encrypted before? Ensure that the flag is cleared.
            $obj->encrypted = false;
        }

        return $obj;
    }
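The encrypt/decrypt step of the exportToObject/loadFromObject pair above, written as an added example in Go that is not from the post or its project: AES-GCM stands in for Zend_Filter_Encrypt/Decrypt, the owning application's name (the post's source field) is bound in as associated data, and a wrong key, a modified blob or a blob copied into another application's document is rejected by the authentication tag rather than noticed only when json_decode happens to return null. The key, source name and sample data are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// SealData is the encrypt step of the post's exportToObject: it takes the JSON
// of the data section and returns the base64 blob that goes into "data" next
// to "encrypted": true. AES-GCM stands in for Zend_Filter_Encrypt; key and
// source are whatever the per-application config holds (assumed, not the post's).
func SealData(dataJSON []byte, source string, key []byte) (string, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return "", err
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-128-bit block ciphers
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Layout of the stored blob: nonce || ciphertext || GCM tag.
	sealed := gcm.Seal(nonce, nonce, dataJSON, []byte(source))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// OpenData is the decrypt step of loadFromObject. A wrong key, a modified blob
// or a blob copied from another application's document fails the tag check,
// instead of being noticed only because json_decode happens to return null.
func OpenData(b64, source string, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	sealed, err := base64.StdEncoding.DecodeString(b64)
	ns := gcm.NonceSize()
	if err != nil || len(sealed) < ns {
		return nil, fmt.Errorf("cannot load document - malformed data field")
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(source))
	if err != nil {
		return nil, fmt.Errorf("cannot load document - decryption failed: %w", err)
	}
	return plain, nil
}
```

The caller still stores the returned string in the document's data field and sets the encrypted flag, exactly as the PHP does; only the cipher and its failure behaviour differ.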