Ideas
ankane opened this issue · 12 comments
3.0
- Exclude blind index columns from `serialized_hash` (not great for `inspect`) - `serialized_hash` branch
- Drop support for Active Record < 5.2 and Ruby < 2.6
Ideas
- (waiting for AR release) add support for Active Record 6.1 - `activerecord61` branch
- Add support for `update_column` and `update_columns` - `update_columns` branch
- Prefer `sensitive: true` or `extra_sensitive: true` over `slow: true`
Is there any way to do a select with order? Example: `Customer.all.order(:name)`, where name is blinded.
No, you'll need to do sorting in memory (`Customer.all.sort_by(&:name)`). There is the concept of order-preserving encryption, but it leaks significantly more information than blind indexing.
ok, thanks a lot ankane, and congratulations for the gem.
Is it possible to support ranges? i.e,
```ruby
class Post
  encrypts :date, type: :date
  blind_index :date
end

Post.where(date: ..Date.today)
Post.where(date: Date.today..)
Post.where(date: Date.yesterday..Date.today)
```
Or is it a similar issue to using order?
Since dates are discrete, you could pass an array of dates instead of a range. However, creating blind indexes on dates in general will leak a lot of information since it'll show which records have the same dates.
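The array-of-dates approach and the leak described in the reply above, as an added example that is not part of the original thread or the gem's own code. `toy_bidx` is a hypothetical HMAC-SHA256 stand-in for the gem's blind index derivation (not its actual algorithm), and the key and rows are constructed.

```ruby
require "openssl"
require "date"

# Hypothetical stand-in for the gem's blind index derivation: a keyed
# HMAC-SHA256. Same input + same key => same output, which is all that
# equality lookups need (and exactly what leaks).
def toy_bidx(value, key:)
  OpenSSL::HMAC.hexdigest("SHA256", key, value.to_s)
end

# Expand a bounded date range into the discrete blind index values to match.
# Endless/beginless ranges cannot be enumerated, so they are rejected.
def bidx_for_range(range, key:)
  raise ArgumentError, "range must be bounded" if range.begin.nil? || range.end.nil?
  range.map { |d| toy_bidx(d.iso8601, key: key) }
end

KEY = "k" * 32 # constructed demo key, not a real secret

# Constructed sample rows: only the blind index is visible in the table.
ROWS = [
  { id: 1, date: Date.new(2024, 5, 1) },
  { id: 2, date: Date.new(2024, 5, 2) },
  { id: 3, date: Date.new(2024, 5, 2) },
  { id: 4, date: Date.new(2024, 5, 9) },
].map { |r| { id: r[:id], date_bidx: toy_bidx(r[:date].iso8601, key: KEY) } }

# Equivalent of WHERE date_bidx IN (...) over the expanded range.
def ids_in_range(rows, range, key:)
  wanted = bidx_for_range(range, key: key)
  rows.select { |r| wanted.include?(r[:date_bidx]) }.map { |r| r[:id] }
end

# What a reader of the table learns without the key: which rows share a date.
def equality_groups(rows)
  rows.group_by { |r| r[:date_bidx] }
      .values
      .map { |group| group.map { |r| r[:id] } }
      .select { |ids| ids.size > 1 }
end
```
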
This might be a dumb question, but I'm trying to LIKE search against an encrypted column using Blind index and it doesn't seem possible.
Example.
```
Candidate.joins(:profile).where("candidate_profiles.encrypted_inmate_number ILIKE ?", "%W45%")
=> ERROR: column candidate_profiles.encrtyped_inmate_number does not exist
```
(profile is an alias in this example)
The only value I'm able to search against is the `_bidx`, but that is obviously not searching against the encrypted value.
Is there any way to achieve this kind of LIKE search for encrypted values?
Didn't want to open a separate issue since this seems in line with the design of encrypting data.
update
I was able to move in a different direction to avoid needing to do this.
fwiw, there's a section in the readme on this w/ alternative approaches.
Whoops, missed this in my haste 😬. Appreciate the callout!
Any chance of adding Sequel support or guiding me on how I might go about implementing it?
I don't have any plans to support Sequel, but you can check out `model.rb` and `extensions.rb` to see how it's done for Active Record. You could also use `BlindIndex.generate_bidx` to generate the blind index value manually before inserting into the database, and then again to query it.

```ruby
# insert
users.insert(email_bidx: BlindIndex.generate_bidx("test@example.com", key: key))

# query
users.where(email_bidx: BlindIndex.generate_bidx("test@example.com", key: key))
```
Thanks for pointing me in the right direction, Andrew. This is needed for an active project, so I'll be diving in soon. If I'm feeling super ambitious, I may make a Sequel fork and try to remain as parallel as I can!
No problem. Also, if you haven't already seen it, it looks like Sequel has a plugin for searchable encryption. https://sequel.jeremyevans.net/rdoc-plugins/classes/Sequel/Plugins/ColumnEncryption.html