Encryption in Frappe for some doctype

kolate_sambhaji · October 26, 2016, 11:54am

In an organization data is very crucial part.
Salary Slip, Contact number of customer’s and suppliers, invoices are also very important to some organization, they do not want to disclose such information even if data is theft by someone.

If one can have database backup, he can easily restore it and reset admin password to see all data.
Can we have any alternative solution for data encryption, so even if someone get database backup, he can not see/restore data?

May be we can use same encryption which is used to email id and password of email account?

Any alternative solution?

max_morais_dmm · October 26, 2016, 5:44pm

@kolate_sambhaji if you have plans to do that, I think you should look that in a database level, how discussed here https://mariadb.com/kb/en/mariadb/encryption/

But I agree with your point, that anyone with a backup can access company information.

Our policy here to prevent that, is the encryption of the database backup, instead of put encryption in the database or in the frappe code.

Remember of the Zen Of Python, Simple is better than Complex!

strixaluco · October 27, 2016, 1:11am

I agree with @max_morais_dmm. This kind of encryption should be better done on lower level.

kolate_sambhaji · October 27, 2016, 10:04am

@max_morais_dmm Thanks for your suggestion, I will check encryption of downloaded database backup.