This post originated from an RSS feed registered with Python Buzz by Ng Pheng Siong. Original Post: ZSQLcryptDA Feed Title: (render-blog Ng Pheng Siong) Feed URL: http://sandbox.rulemaker.net/ngps/rdf10_xml Feed Description: Just another this here thing blog. Latest Python Buzz Posts Latest Python Buzz Posts by Ng Pheng Siong Latest Posts From (render-blog Ng Pheng Siong)

From PySQLcrypt, it is a small step to ZSQLcryptDA, an SQLcrypt database adaptor for Zope.

The screenshot shows ZSQLcryptDA accessing the 'customerdb' database created by PySQLcrypt's crypt_dbapi_txns.py demo program.

I've updated the PySQLcrypt demo download to include ZSQLcryptDA. Install the Python module 'sqlcrypt', then copy or move the ZSQLcryptDA/ directory into your Zope product directory and restart Zope. Again, note that this distribution is a commercial demo: It works, but the underlying SQLcrypt engine also stores the passphrase at the beginning of the database file.

SQLcrypt derives its cipher key from the passphrase. Because of passphrase salting, there is an asymmetry in SQLcrypt's operation: when an encrypted database is first created, one specifies the "encrypt" operation which causes a salt to be generated; subsequently, one specifies the "decrypt" operation, which causes SQLcrypt to read the salt from the database.

For ZSQLcryptDA, at present, this means that encrypted databases should be created - set up tables, triggers and whatnot - "out-of-band" and then placed in <zope-instance>/var/sqlcrypt/. When creating a Zope database connection through Zope's TTW interface, the passphrase supplied is used in "decrypt" mode.

ZSQLcryptDA is based on Hagime Nakagami's ZSQLiteDA.