Encryption data?

jlboutin60 · February 3, 2021, 2:06pm

If I understand your problem, it need to be executed only one time

If so put it in onScriptInit of any app or create a blank one that will be executed only one time
Then remove or comment out your code

To be safe, add a field to specified if the info is already encode, so you don’t encode it 2 times

Yannick_Pavard · February 3, 2021, 2:15pm

Ok thank you, I understand, so simple !

mhanu · August 1, 2023, 1:29pm

when you have a form and insert a record how can you make it apply the native Mysql encryption?
do i have to put in the onbeforeinsert event a query with the AES_ENCRYPT function?

Thanks

jlboutin60 · August 1, 2023, 1:59pm

To work with a form or grid you need to have 2 fields for the encrypted DATA. One plain field and one encrypted field set by default to ‘’.

You set up the form using the normal field and hide the encrypted field.

When you insert the data, the normal field will contain the plain info.

In the onAfterInsert or onAfterUpdate event you do an update of your info

$SQL = "UPDATE table SET encryptfield = AES_ENCRYPT({field}, UNHEX(SHA2('My secret passphrase',512))), field = '' WHERE ID = {ID}";
sc_exec_sql($SQL);

Now your encrypted field contain the data and the plain field is empty.

In the onLoad event decrypt your field so the form or grid work correctly.

Sorry I don’t have more time to explain this. Use this as a base for your project, check my syntax I didn’t test it.

mikem_uk · November 22, 2023, 5:23pm

A bit late to this game. MySQL uses built in encryption, meaning that in local non SSL networks, while the data is safe in the db, you have unencrypted data travelling around the network. The data is returned to the user unencrypted, and can be viewed with any packet sniffer anywhere in the network, and even MITM attacks can be made if the bad actor has access to the network and certificate.

For this reason, I prefer to encrypt and decrypt within the application, then when databases are stored on unencrypted (and encrypted networks), the data remains encrypted until the application decrypts. It is more efficient, too, as encryption is done on the local user machine.

Even though I have an up to date Scriptcase subscription, I still have to write most of my project DB applications in Visual Studio, because of customer requirements.

aducom · November 23, 2023, 10:52am

Actually, that depends on your configuration. See: https://dev.mysql.com/doc/refman/8.0/en/encrypted-connections.html

You can encrypt the data between the MySQL driver (client) and the database. And you can encrypt the database itself, so when stolen, the data cannot be extracted. But they are separate things.