Encrypted blobs/Data.fs

Is anyone encrypting either their BLOBs or the Data.fs (or both) these days? I looked to see if there were any options inherent to ZODB or additional packages that could do it and found this GitHub - zopefoundation/cipher.encryptingstorage: ZODB storage wrapper for encryption of database records but was surprised that they appear to be considering archiving it due to lack of use. To be fair, I've been using Plone for years without going to this length (the sites are completely secure, but BLOBs are ultimately stored in plain text I believe) but it looks like our security requirements from contracts may necessitate something more.

Eric Wohnlich via Plone Community wrote at 2023-8-15 23:00 +0000:

... encrypting either their BLOBs or the Data.fs
...GitHub - zopefoundation/cipher.encryptingstorage: ZODB storage wrapper for encryption of database records
but was surprised that they appear to be considering archiving it due to lack of use.

Archiving simply means: "we do not expect further development in the near
future". It is easy to "unarchive" again when further development
becomes necessary.

To be fair, I've been using Plone for years without going to this length (the sites are completely secure, but BLOBs are ultimately stored in plain text I believe) but it looks like our security requirements from contracts may necessitate something more.

Those resources are stored on the server: you can use its access control
features to control access to them.

You might also consider the use of an encrypted file system.

Note that even with encrypted resources, there will not be 100 % security:
the key must be stored somewhere and persons with sufficient
(server) privileges likely will be able to locate those keys.


Thanks Dieter,
I talked with our security officer and I have a better understanding of what his concerns are now. We do already have an encrypted filesystem and access controls set up appropriately. I even wrote a package (which I should probably put up on pypi) ims.encryptedfile that allows the user to supply a passphrase and encrypt the file with 7zip so that no one in our company has any access to it. The concern was perhaps overly cautious, but he was worried about people uploading files that should have been encrypted but weren't.

If there was an easy way to encrypt BLOBs yes, someone would have to have access to that key, but maybe you remove a couple more people from having access to it this way. And if the contract terminates the key can be deleted to negate the issue of backups. I am told that if this isn't an easily accessible feature of ZODB/BLOBs as is, we probably don't need to worry about it, given the other security in place.

That said, we are thinking of maybe putting in an event listener on file uploads to check for certain kinds of PII (American government term: Guidance on the Protection of Personal Identifiable Information | U.S. Department of Labor; I think it's just "personal data" in Europe?). There are some regexes that can help with the biggest offenders like SSNs, credit card numbers, etc. The idea is to flag it for user review to prompt them to either encrypt it, or mark it as a false positive. CYA stuff, really.
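One way to write the regex-plus-validation check described in that post, as an added Python example that is neither Plone code nor the ims.encryptedfile package: the SSN and card patterns, the plausibility and Luhn filters that keep false positives down, and a check_upload() entry point that an IObjectAddedEvent subscriber (assumed wiring, not shown) would call on the uploaded bytes and use to flag the item for user review.

```python
import re

# Candidate patterns (constructed for this example). Every raw hit is
# validated further before it is reported, to limit false positives.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def ssn_plausible(area, group, serial):
    """Reject numbers the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or int(group) == 0 or int(serial) == 0)


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_for_pii(text):
    """Return (kind, matched_text) findings for likely SSNs and card numbers."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", m.group(0)))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            findings.append(("card", m.group(0)))
    return findings


def check_upload(data, encoding="utf-8"):
    """Hypothetical entry point for an upload event subscriber: takes the file's
    bytes and returns the findings to surface to the user for review."""
    return scan_for_pii(data.decode(encoding, errors="ignore"))


# Constructed sample upload: one plausible SSN, one Luhn-valid test card number,
# one SSN with an unissued area (000) and one card-like number that fails Luhn.
SAMPLE = (b"Contact: 219-09-9999, card 4111 1111 1111 1111\n"
          b"Ignore: 000-12-3456, order 1234-5678-9012-3456\n")

if __name__ == "__main__":
    for kind, hit in check_upload(SAMPLE):
        print(f"flag for review: {kind} {hit}")
```

Real files arrive as PDF, DOCX or images rather than plain text, so in practice the bytes would first go through a text extractor before this scan.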