General Data Protection Regulation is activated: 25 May 2018
All personal data needs to be protected.
It would be good if personal data were stored in the database secretly.
Drupal core protects only passwords.
It is good if at least the email address is stored in this way, but it would be good if other fields would allow the encryption to be enabled with a check box.
I think it would be beneficial if this feature was supported by the core of Drupal.
It would be good to have the settings in the settings.php file, such as the e-mail address and even the name's encryption.
Comments
Comment #2
Somfai Tibor commented
Comment #3
Somfai Tibor commented
Comment #4
cilefen commented
Thank you. I think this is a duplicate.
Comment #5
cilefen commented
Comment #6
Somfai Tibor commented
Not Duplicate!
I would like to draw attention to the importance of encryption.
If the field data is encrypted, you do not have to report the database to the authority!
That is why it is necessary to encrypt sensitive, personal data fields in the database!
The authority also classifies the e-mail address as personal data! But this is definitely necessary for registration!
Currently Drupal stores the e-mail address in plain text. That's not right!
In my opinion, it would be beneficial if the possibility of encrypted storage of fields were supported by Drupal core!
Comment #7
Somfai Tibor commented
In today's world, the protection of personal data is becoming increasingly important. So it is important that the personal data fields are encrypted. These fields may vary depending on the specific task, so it would be good to expand the field system with a check box where you can select which fields are to be encrypted.
This is not only important for GDPR, but it has drawn attention to the deficiency.
Perhaps the title was unimaginative. That's why I apologize!
Comment #8
Somfai Tibor commented
Comment #9
cilefen commented
Ok
Comment #10
cilefen commented
https://www.drupal.org/project/dbee
Comment #11
Somfai Tibor commented
DataBase Email Encryption 2.x:
The required php-encryption directory requires shell access! This is forbidden for many providers!
Not just e-mail personal data!
Personal information may include:
e-mail
Telephone number
MAC Address
IP
Name
Address
GPS coordinates
Car license plate
Photo
Eye color
Leather color
Religion
etc...
That is why I believe that a field encryption service in Drupal core would be a benefit to other CMS systems.
Everyone can freely tell which fields they want to be encrypted to store, so options are customizable.
On the administration page, you can set the type and strength of the encryption.
Comment #12
mikeohara
I am going to throw in and agree with @Somfai Tibor on this one.
Drupal needs to support at-rest encryption of field data out-of-the-box. We need to lead, not follow. With the nature and volatility of web security right now, combined with stricter and more widespread privacy legislation, we can't avoid this any longer.
I would almost argue that Encryption should be enabled by default. It's important enough.
Comment #13
Somfai Tibor commented
Of course, you have to be careful about what is encrypted because the size of the database can be greatly increased. That's why I am the advocate of enclosure. Everyone can define the fields to be encrypted. By default, the email field should be encrypted.
Current Basic Modules:
The basic solution is good. Security of key storage can be enhanced with a variety of keystore services. I think they are not in the core.
Comment #14
mgifford
Tagging and adding a parent item for Core.
More discussion happening here https://www.drupal.org/project/drupal_gdpr_team
Comment #15
mgifford
@fgm mentioned this in #2848974-8: Privacy Concerns as GDPR Compliance - "need to encrypt personal data without access to those without a need to know matching the opt-in agreement given"
Comment #16
mgifford
Also from https://techblog.bozho.net/gdpr-practical-guide-developers/
Comment #17
sam152 commented
Comment #18
mgifford
Comment #21
code-drupal commented
Any update on when this will be available in Drupal core?
It's true that many hosting providers do not provide encryption of the db, which is a big concern for storing PII data.
Comment #23
dercheffe
This is IMO a very very important thing when using Drupal in the European market and I would also vote to bring the mentioned modules in #13 into core.
Jonathan Daggerhart wrote a great tutorial series on how to encrypt data, which can be found here:
https://www.daggerhart.com/how-to-encrypt-field-data-drupal-8/
The only challenge is to find a European GDPR compatible key storage provider. The only solution I found is lockr.io which is a company located in the US.
Comment #24
dercheffe
Any news about this issue? How do you solve the data protection of fields with user data?
Is there a way to encrypt the address field? Doesn't work with the field_encrypt module #3119762: Not possible to encrypt address field
Thanks in advance for any help
Comment #25
manuel garcia commented
So to anyone that does not know yet, the field encrypt module only deals with attached fields (i.e. fields you can manage via field UI).
The problem lies in encrypting entity base fields, so, those defined by baseFieldDefinitions() on the entity classes, such as Comment's name, mail, hostname, or User's name, mail etc. For these, to my knowledge, there is no contrib solution that can do this.
Comment #26
manuel garcia commented
For those that are interested in finding a solution for entity base fields, I have started work in this direction over on #3124467: Support for encrypting entity base fields - please have a look and report your thoughts / findings etc.
Comment #34
quietone commented
I am closing this as a duplicate of #2895197: Add support for encrypted field api field storage in core.