Integration with CCK

I like this idea! Although, it may involve some heavy lifting override the output of CCK field values.

If a CCK field is encrypted, then it is likely that you wouldn't want to just decrypt it and display it on the screen in plaintext.

I think for starters we could integrate it with the CCK Password Field module. I don't know that integrating it with a generic CCK text field would be feasible as it's implementation with the various CCK widgets would not make sense.

Perhaps an AES CCK Field sub-module can be packaged into AES on top of integrating with the CCK Password Field module. The specialized AES field could provide a field that supports a plaintext entry widget and a password entry field.

I need to figure out if and how I am going to support the AES branch for D7 before I can begin adding features. For now I am marking this as postponed, but I will certainly be looking to add this functionality.

sub...

Just some ideas, but it would be nice to display the data masked (like with *****) but with the ability to quickly and easily unmask it. Like by clicking on the a button (example: http://drupal.org/project/password_toggle) or even by clicking on the ****** where the text should be, like in views, and see the encrypted text (see how http://www.passpack.com/en/home/ does this for passwords)

I found this which might be useful: https://github.com/damian/jQuery-passwordMask

@that0n3guy

Thanks for your ideas. In version 2 of AES, there will be some AHAH based form helpers for unmasking encrypted data, these can be used in custom forms. Can you elaborate on where you would like the passwords to be optionally visible?

@giorgio79

I like the idea that admins should not be able to see user passwords. There is no way to absolutely prevent user passwords from being decrypted by someone who controls the system. However, I think we can adjust the AES permissions so that there are permissions for "view own passwords" and "view all passwords".

I wasn't really talking just about passwords, but about any data we want encrypted. Passwords were just and example.

Being able to store sensitive data, like passwords, is a need I have coming up very soon. I have many accounts on many sites that I share with several employee's. It would be nice if I could organize this data in drupal so I can integrate it with my drupal based [insert here- like CRM, or project management software or etc...].

AHAH based form helpers for unmasking encrypted data would be great if these worked with views as well.

+1.

My personal view, simply hook into cck at the very last point before input to the database and at the very first point on taking data out. For me, this should be about the database and NOT the viewing, although this could be optional but I think should come later with nice ajaxy stuff going on.

Perhaps someone better than me can put a patch for cck (v6) based around this module, as a non php programmer, I assume there the main cck module takes care of the actual database in/outs and not the widgets or am I wrong?

Thanks,
Paul.

To gorgio79

Yes me too. This module can take a bigger picture than passwords. For example, why not store emails in the db encrypted as well? It is ok, if on display they are shown without encryption. The whole point is in my opinion is to store it encrypted in the database!

I did it !
I have called it DataBase Email Encryption, this sandbox project has been reviewed by the community and is on the verge to become a full project !
more information on http://drupal.org/sandbox/thedut/1209196

And it is a full project now : DataBase Email Encryption
http://drupal.org/project/dbee !

And it is available on Drupal6 and Drupal 7 !
http://drupal.org/project/dbee