Allow encrypting selected muranopl properties
Currently muranopl properties in Object Model are always stored as is. That might pose security threat for sertain applications, that want to store passwords or other sensitive information in muranopl properties.
This means, that users from the same tenant as well as admin users currently have full access to that information.
This also means, that potential attacker will gain access to all that information as soon he gains access to db
One option to fix this would be to somehow mark certain properties as encrypted and encrypt/decrypt them on api/engine side with a symmetrical algorithm (des/aes/3des), storing the key on both sides. (This would not prevent admin from having access to that info, but would prevent others from seeing it.)
This might not be the only solution, but looks like the most obvious. Meta attributes might be required to implement this BP
Blueprint information
- Status:
- Not started
- Approver:
- Felipe Monteiro
- Priority:
- Medium
- Drafter:
- Kirill Zaitsev
- Direction:
- Approved
- Assignee:
- None
- Definition:
- New
- Series goal:
- Accepted for pike
- Implementation:
- Not started
- Milestone target:
- next
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
FYI, have began work on this blueprint. Posted some thoughts on implementation at http://
Gerrit topic: https:/
Addressed by: https:/
Implement encryption for MuranoPL object model
Addressed by: https:/
Add encryptData yaql function
Addressed by: https:/
Fix create environment TypeError