cloak_ecto icon indicating copy to clipboard operation
cloak_ecto copied to clipboard

Published 20 hours ago verified publisher icon danielberkompas

Support wrapping plaintext in closure

Open voltone opened this issue 4 years ago • 1 comments

See also https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sensitive_data

voltone avatar Jun 29 '20 14:06 voltone

Just to clarify: it would be possible to implement the core aspect of this feature purely in my application by overriding after_decrypt/1 to return the closure. But that would not support the reverse direction: passing a closure in an insert/update. For that I'd have to unwrap the closure in cast/1, and it is not overridable.

So a minimal change might be instead to make cast/1 overridable in all default types. But I think the benefit of explicit support for this feature in Cloak.Ecto is that it raises awareness of this technique to other users of the library.

voltone avatar Jul 01 '20 13:07 voltone