Client side encryption Django

时光总嘲笑我的痴心妄想 Submitted on 2020-01-05 04:32:08

Question


I just finished an app and, for safety reasons, I would like the content of some fields of the db to be readable only by the user. This involves client side encryption and I think that I found a decent pure js implementation.

Typically, I would go for an AES 256 CBC using parts of the user's password hash (client side computation) as key and vi (stored somehow) to feed the encrypt and decrypt functions.

Here comes the thing. The decryption is pretty straightforward. Spontaneously, I would call the function directly in the templates using the objects passed in context as inputs for my function. It would look like:

<div class=whatever_the_class>
    <script>
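        // Quote and escape the stored ciphertext so it is a valid JS string literal
        decrypt_function("{{ patient.first_name|escapejs }}", key, vi);
        decrypt_function("{{ patient.last_name|escapejs }}", key, vi);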
    </script>
</div>

However, I am not sure how to deal with encryption in forms. I think that I need to bypass somehow the way my forms work (in this example form_add) to take the output of my encrypt function as data but I really do not know how/where to do it. In the widget section of my form? In the template?

Any thoughts? Any clean way to do it? (I am also interested in similar questions/posts/projects to get a clearer picture)

# template
<form id="add_patient" method="post" action="add-patient/"> 
        {% csrf_token %}
        {{ form_add }}
        <input type="submit" value="Entrer">
</form>

# view
from django.shortcuts import redirect, render

def index(request):
    try:
        user = request.user
        form_add = AddPatientForm()

        # NOTE: form_record is not defined in this excerpt
        return render(request, 'jengu/index.html', {'form_add': form_add, 'form_record': form_record})
    except Exception:
        return redirect('/')

# form
from django import forms

class AddPatientForm(forms.Form):
    last_name = forms.CharField(label='Nom', max_length=40)
    first_name = forms.CharField(label='Prénom', max_length=40)
    birthday = forms.DateField(
        label='date de naissance',
        widget=forms.DateInput(format='%d/%m/%Y', attrs={'placeholder': '31/03/1989'}),
        input_formats=['%d/%m/%Y'],
    )

Source: https://stackoverflow.com/questions/53978740/client-side-encryption-django
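
An added example, not part of the original post: one way to encrypt and decrypt a single field in the browser with the WebCrypto API. It replaces the AES-CBC scheme keyed from parts of a password hash with a PBKDF2-derived key, a fresh random IV per value, and authenticated AES-GCM. The function names, the iteration count, the `iv.ciphertext` storage format and a per-user salt stored next to the account are all assumptions.

```javascript
// Added example (not from the original post). Names and formats are assumptions.
const enc = new TextEncoder(), dec = new TextDecoder();

// Browsers expose WebCrypto as globalThis.crypto; older Node needs the import fallback.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));

// Derive a non-extractable 256-bit AES-GCM key from the password and a per-user salt.
async function deriveKey(password, salt, iterations = 600000) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one field. A new random 96-bit IV is generated for every value and
// stored alongside the ciphertext; the IV is not secret but must never repeat.
async function encryptField(key, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(
    await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  return `${toB64(iv)}.${toB64(ct)}`; // the string the form would submit
}

// Decrypt one stored field. Rejects if the key is wrong or the value was modified.
async function decryptField(key, stored) {
  const { subtle } = await getCrypto();
  const [iv, ct] = stored.split('.').map(fromB64);
  return dec.decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
}
```

The submitted value is longer than the plaintext (IV plus a 16-byte tag, base64-encoded), so `max_length=40` in `AddPatientForm` would have to grow to hold it.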
