secure field option

rjpal · April 7, 2016, 7:52pm

Not sure where you guys have input for feature requests/enhancements/upgrades but I have one that would be very useful.

Would like to have an option on schema editor when creating or editing columns for “secure” object. For me, I am doing financial apps with healthcare and have a requirement to enter and store sensitive data.

Ideal scenario is to mask sensitive fields in the console and to unmask need admin rights…

Just a suggestion

mark-piller · April 9, 2016, 5:55pm

Is the goal to hide values for the “secure” columns in the console?

aditya-gangwar · April 9, 2016, 8:50pm

Moreover, it would be great for table fields to support encryption - for storing sensitive data.

mark-piller · April 9, 2016, 10:13pm

Maybe they are already encrypted… what makes you think they are not?

rjpal · April 11, 2016, 3:34pm

Hi Mark, I can be a little clearer. As admin I can create a user and set password in console, as soon as saved the password raw text is no longer displayed and assumably is also encrypted in database. I was just suggesting the option to do the same for fields I create so I can enter raw text in creating new object but that text will now be displayed in table. I suppose I could go to field_level security and only allow super_admin rights or something like that.

I’m still turning knobs and dials with your platform…Liking it!

mark-piller · April 14, 2016, 1:30am

Thanks for clarifying. Passwords are indeed hashed and salted, so retrieving the original “raw” value for a password is not possible (it is a one-way encryption). Suppose the same is possible for some other column. What good would it do if you cannot retrieve the original (raw) value?

1114 · July 9, 2020, 10:23am

Hello,
If i want to store some sensitive data in a table is there a way with backendless API to store them encrypted or i should do the encryption and decryption by myself?
Thanks.

oleg-vyalyh · July 9, 2020, 1:39pm

If you want to protect sensitive data from retrieving (e.g. of other developers) you may use Role/User permissions for table or record.
If you are talking specifically about encryption/decryption – then no, Backendless has no integrated encryption mechanisms at this time.

mark-piller · July 9, 2020, 5:06pm

Hi Christos,

I would like to learn a bit more about the use-case you envision, so I could suggest the best possible solution. Could you please describe what you’re trying to accomplish. I understand you want your objects to be stored encrypted, but I’d like to learn the ultimate goal. Some ideas I had in mind are:

Data can not be seen in the management console
Data can be retrieved in the decrypted format only when some special key is provided by the client app.

Regards,
Mark