[Fixed]-A good way to encrypt database fields?


Yeah. Tell whoever told you to get real. Makes no / little sense. If it is about the stored values – enterprise edition 2008 can store encrypted DB files.

Otherwise, if you really need to (with all disadvantages) just encrypt them and store them as byte fields.




I had the same problem, and created the following solution: http://djangosnippets.org/snippets/2489/

I happened to use M2Crypto as the cipher engine, but that can be swapped out if desired.

As TomTom notes, doing this just raises the bar for an attacker rather than making hostile decryption impossible – in addition to accessing your database, they now also need to access wherever you store the passphrase that feeds into the key derivation function. However, by splitting the key from the data it is protecting in this way, you at least now have the option to further secure that key (e.g. with a key management server) to raise the bar yet higher. Defence in depth is a good strategy, but you also need to decide what constitutues overkill for a given application.

It’s also a terrible idea to encrypt any field that might be useful for searching or sorting purposes (I only use this trick to store OAuth credentials for a web service that doesn’t support proper tokenised OAuth connections).


If you are storing things like passwords, you can do this:

  1. store users’ passwords as their SHA256 hashes
  2. get the user’s password
  3. hash it
  4. List item

check it against the stored password

You can create a SHA-256 hash in Python by using the hashlib module.

Hope this helps

Leave a comment