承接 x69420/doctrine-encrypt-bundle 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

x69420/doctrine-encrypt-bundle

Composer 安装命令:

composer require x69420/doctrine-encrypt-bundle

包简介

Symfony 5 bundle which allows to encrypt data in database with some encrypt algorithm, this fork make use of open ssl

README 文档

README

#DoctrineEncryptBundle version 3.0

Bundle allows to create doctrine entities with fields that will be protected with help of some encryption algorithm in database and it will be clearly for developer, because bundle is uses doctrine life cycle events

This is an fork from the original bundle created by vmelnik-ukrain (Many thanks to him) which can be found here: vmelnik-ukraine/DoctrineEncryptBundle this is again a fork from the bundle nepda/doctrine-encrypt from Marcel van Nuil.

goal of this fork

My main goal is to improve the Encryptor : multiple existed but they where base on mcrypt and had flaws. I replaced them with an openssl alternative, found partly from this fork (again!) : https://github.com/nepda/doctrine-encrypt/blob/master/src/DoctrineEncrypt/Encryptors/OpenSslEncryptor.php If the author accept to merge my change, I will probably close this fork.

I also borrowed the "SensitiveValue" and "Mask" class from the great payum library in order to prevent the secret key to be printed (for more information, see payum doc).

I added a twig extension in case of the need to decode the data only on display. (need additional work to be fully satisfying, like optionally do ont decode in the entity)

The encryptor also throw verbose errors and handle a simple integrity check (the length of the data is stored with the data in a json string, and is verified on the decrypt side).

scope of this fork

The rest of this file anf of the doc will probably remain the forked content. Exept for the namespaces and the authors list that I changed (the search & replace way).

###What does it do exactly

It gives you the opportunity to add the @Encrypt annotation above each string property

    /**
     * @var string
     * @ORM\Column(name="host", type="string", length=255)
     * @Encrypted
     */
    private $host;
    /** @var string store the decryptedVersion of $host */
    private $hostDecrypted;
    
        /**
         * Set host
         * 
         * You MUST assign null to the decryped var 
         * 
         *
         * @param string $host
         *
         * @return ItopUser
         */
        public function setHost($host)
        {
            $this->host             = $host;
            $this->hostDecrypted    = null;//mandatory if you want your host to be encoded again!
            return $this;
        }
    
        /**
         * Get host
         * 
         * You MUST return the decryped var if it is set
         * 
         * @return string
         */
        public function getHost()
        {
            if (!empty($this->hostDecrypted)) {
                return $this->hostDecrypted;
            }
            return $this->host;
        }
    
        /**
         * INTERNAL 
         * Set hostDecrypted
         *
         * @param string $host
         *
         * @return ItopUser
         */
        public function setHostDecrypted($hostDecrypted)
        {
            $this->hostDecrypted = $hostDecrypted;
    
            return $this;
        }
    
        /**
         * INTERNAL 
         * Get hostDecrypted
         *
         * @return string
         */
        public function getHostDecrypted()
        {
            return $this->hostDecrypted;
        }

The bundle uses doctrine his life cycle events to encrypt the data when inserted into the database and decrypt the data when loaded into your entity manager. It is only able to encrypt string values at the moment, numbers and other fields will be added later on in development. You NEED to add the *Decrypt field, it MUST not be persisted, the gettter/setter MUST exists and have standard names, the getter/setter of the encrypted propterties must follow the pattern above

this verstion 3.0 drop support from many functionnalities of the 2.0 :

many unused features was removed for the sake of performance and readability :

  • EmbeddedAnnotation are no more supported (I don't ever know what it is so... if you'r curious, google for Doctrine\ORM\Mapping\Embedded)
  • the annotation only mode is no more tested, use it knowing the risk ;)

an almost total rework of the event listener has been done, it now use a cache for most of the time consuming operations and listen to many less events. It do no more need an update on each flush.

###Advantages and disadvantaged of an encrypted database

####Advantages

  • Information is stored safely
  • Not worrying about saving backups at other locations
  • Unreadable for employees managing the database

####Disadvantages

  • Can't use ORDER BY on encrypted data
  • In SELECT WHERE statements the where values also have to be encrypted
  • When you lose your key you lose your data (Make a backup of the key on a safe location)

###Documentation

This bundle is responsible for encryption/decryption of the data in your database. All encryption/decryption work on the PHP's server side.

The following documents are available:

###License

This bundle is under the MIT license. See the complete license in the bundle

###Versions

I'm using Semantic Versioning like described here

x69420/doctrine-encrypt-bundle 适用场景与选型建议

x69420/doctrine-encrypt-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 7 次下载、GitHub Stars 达 0, 最近一次更新时间为 2021 年 12 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「symfony」 「bundle」 「doctrine」 「openssl」 「encrypt」 「aes256」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 x69420/doctrine-encrypt-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 x69420/doctrine-encrypt-bundle 我们能提供哪些服务?
定制开发 / 二次开发

基于 x69420/doctrine-encrypt-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 7
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 4
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 217
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2021-12-24