Derek Hodgkins
New Member
Posts:4
 |
| 31 Aug 2006 02:44 PM |
|
Hello,
I recently purchased XMod and I have been very impressed with its capabilities. One of the issues I would like to address with my site is the encryption of certain data that is submitted and viewed through XMod. Would it be possible to extend XMod such that data submitted to the database is encrypted and then, when viewing the data, decrypted?
If this is possible could you suggest a starting point for looking at how XMod stores and retrieves data? Thanks.
- Derek
|
|
|
|
|
DNNDev Admin
Senior Member
Posts:6419
|
| 31 Aug 2006 06:01 PM |
|
Hi Derek,
Do you need ALL data encrypted or just some data - i.e. like a text box for entering a credit card number?
Best,
Kelly
|
|
Power Your Website With XMod Pro
Buy XMod Pro Today |
|
|
Derek Hodgkins
New Member
Posts:4
|
| 31 Aug 2006 06:51 PM |
|
Hi Kelly,
Thanks for the reply. I do not need all data encrypted. There are some lists I would like to be able to have the option to encrypt some data fields. Applications I was thinking of were storage of credit card information, health insurance information etc. I would guess that many, if not most, people use a hosting provider for hosting their DNN portal. Since these hosting companies would have access to the raw database it would be nice to be able to store certain data fields as encrypted.
I don’t even think that any special encryption would have to be used. The built in encryption algorithms built into .NET should more than suffice. Is there someway to “extend” the XMod control to override properties that read/write to the database and replace them with versions that can translate encrypted data from/to the database?
Any suggestions you may have on where to start would be most welcome. As a .NET developer, I would be glad to work on the problem.
- Derek
P.S. Thanks again for such a fine module and providing the support that you do for it.
|
|
|
|
|
DNNDev Admin
Senior Member
Posts:6419
|
| 31 Aug 2006 07:02 PM |
|
Hi Derek,
Well, I can help you with things like CC info that will never be displayed fully in a template (usually, they are obfuscated, except for the last 4 digits). For that, the best approach to take is to create a custom Server Control that implements XMod's IFormControl interface. From there you can simply inherit from an ASP.NET textbox and extend it. Implementing the IFormControl interface allows you to have a display text and a hidden value. The display text can be your obfuscated number and the hidden text can be the encrypted value.
Now, there would be a problem if you want to completely display the value in a template. There's no good way to un-encrypt the value for display.
Best,
Kelly
|
|
Power Your Website With XMod Pro
Buy XMod Pro Today |
|
|
Derek Hodgkins
New Member
Posts:4
|
| 31 Aug 2006 07:44 PM |
|
Hi Kelly,
I am a bit confused as to why it might be difficult to display the encrypted value in a template? I am sure this is due to my lack of understanding as to how XMod works.
Would I be correct in assuming that XMod stores the data that a user enters somewhere in the SQL database? If so, it is ONLY in the SQL database that I want to have the data in question encrypted. I do not want to obfuscate the data in any way to the user. To the user, XMod would function without any change other than the option to store a specified field as encrypted in the database.
So for example, say I have created an XMod list that I would like to store my health insurance information. Only certain fields, such as Health Insurance ID # needs to be encrypted. The user enters their health insurance ID # in plain text into the XMod form. When they submit this record XMod uses an encryption routine that encrypts the value of the health insurance ID # and stores this encrypted value in the database. When the user wants to view this data the reverse process takes place. The encrypted health insurance ID# is read from the database and then decrypted using a decryption routine contained within the XMod module. The decrypted health insurance ID # is then displayed to the user.
I am sorry if I “over explained” this process. I just wanted to paint a clear picture of what I wanted to accomplish.
Also I not talking about "hard core" encryption, such as symmetric key encryption. Rather, I am talking about "scrambling" the data as stored in the database so as to make it difficult for some snooping individual to glean by directly querying the database.
What do you think? Is this possible by just extending XMod?
- Derek
|
|
|
|
|
Tim Rolands
New Member
Posts:21
|
| 15 Sep 2006 08:59 PM |
|
We also need to be able to this, and I would think others *should* be doing this, too. As concerns about security grow, data encryption will become more and more important. I sure hope we can do this by extending XMod, because we have to do it within a week!  |
|
|
|
|
Adam Norton
New Member
Posts:1
|
| 15 Sep 2006 10:02 PM |
|
would it be possible to do encyption with javascript. I havn't read on all of this (new to xmod) but would that work. http://guymal.com/mycode/xor_js_encryption/ or something. encrypt when saving, decrypt when viewing?
|
|
|
|
|
Jonathan Johnson
New Member
Posts:17
|
| 28 Sep 2006 05:58 PM |
|
derekh - Have you had a chance to look at the ascx-based XMOD forms? Basically, you can create your own asp.net user control (inherits from xmod) and I think you can do whatever you want to the xmod data. I've created several ascx XMOD forms but I have not really used those w/ XMOD data (used the forms for other things), so this approach may not work. |
|
|
|
|
Derek Hodgkins
New Member
Posts:4
|
| 28 Sep 2006 06:04 PM |
|
I have not really looked any further. I am still very much interested in doing so, but it's all a question of time. I am not very familiar with XMod development so I have to catch up in that regard. What I have been looking into though, are the built in encryption methods to SQL Server 2005. Possibly these may allow you to handle all the encryption/decryption via MS SQL Server.
- Derek |
|
|
|
|
AussieDev
New Member
Posts:1
|
| 19 Dec 2009 05:50 AM |
|
[quote]
Posted By DNNDev Admin on 31 Aug 2006 02:02 PM
Hi Derek,
Well, I can help you with things like CC info that will never be displayed fully in a template (usually, they are obfuscated, except for the last 4 digits). For that, the best approach to take is to create a custom Server Control that implements XMod's IFormControl interface. From there you can simply inherit from an ASP.NET textbox and extend it. Implementing the IFormControl interface allows you to have a display text and a hidden value. The display text can be your obfuscated number and the hidden text can be the encrypted value.
Now, there would be a problem if you want to completely display the value in a template. There's no good way to un-encrypt the value for display.
Best,
Kelly
[/quote]
Hi Kelly,
Apologies for bumping an old thread, but I am attempting to implement what you have described above. I'm a little new to XMod, so maybe this is just a newbie issue, but the problem I am having is finding the right spot to to obfuscate/encrypt the number.
I've tried the before/after save points, and on the SelectedItems get. I'm not even sure which field should be obfuscated though since I can't get a successful test to work - the Text property? the SelectedItems.ItemValue? ViewState["Text"]?
Any help that can be provided would be greatly appreciated!
Thankyou :) |
|
|
|
|