dwyl / auth

🚪 🔐 UX-focussed Turnkey Authentication Solution for Web Apps/APIs (Documented, Tested & Maintained)
https://authdemo.fly.dev
GNU General Public License v2.0
130 stars, 9 forks

Chore: Update the `people.email` to use `Fields.EmailEncrypted` #285

Closed nelsonic closed 1 year ago

nelsonic commented 1 year ago

As noted in https://github.com/dwyl/auth/issues/284, sadly, by default the `mix phx.gen.auth` generator does not set up any protection for personal data in the database. 😢 Email addresses are stored as plaintext:

[screenshot: mix-phx-gen-auth-people-table-email-plaintext]

Similarly, the `people_tokens` table stores email addresses as plaintext in the `sent_to` column:

[screenshot: people_token-email-plaintext]

This is obviously undesirable. 🙃 This is a privacy/security issue waiting to become a scandal!

Todo

This shouldn't take very long, but allocating T2h to allow for documenting the steps.

nelsonic commented 1 year ago

Getting the following error:

15:06:13.691 [info] alter table people
** (Postgrex.Error) ERROR 42804 (datatype_mismatch) column "email" cannot be cast automatically to type bytea

    hint: You might need to specify "USING email::bytea".

nelsonic commented 1 year ago

Sadly, having `person.email` and `person_tokens.sent_to` in plaintext is relied upon by the following query:

https://github.com/dwyl/auth/blob/da0af7ee702c278714b47f92045edce4adad542a/lib/auth/accounts/person_token.ex#L110-L129

I don't see us using this function in our auth implementation, because this is the flow/journey where people click on a link in an email to verify their email address, and we are definitely not doing email verification with links.

see: https://github.com/dwyl/auth/issues/223#issuecomment-1426810316

So I'm going to explore removing this function and seeing what the ramifications are ... 💭
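The two problems raised in the comments above, the `42804` cast error and the generated query that compares `sent_to` with `email` in plaintext, both follow from the same change of column type. Below is an added example, not code from dwyl/auth or dwyl/fields, of a migration and schema that make the switch explicit: the `USING` clause Postgres asks for, and a separate deterministic `Fields.EmailHash` column for lookups and uniqueness, since `Fields.EmailEncrypted` writes a fresh ciphertext on every insert (random IV), so equality on the encrypted column cannot work and the generator's unique index on it no longer enforces anything. The module, repo and column names (`Auth.Repo`, `Auth.Accounts.Person`, `Auth.Accounts`, `email_hash`), the assumption that `phx.gen.auth` created `email` as `citext`, the rest of the `people` schema, and Fields' key configuration (per its README) are all assumptions, not taken from the project.

```elixir
# Added example (not code from dwyl/auth or dwyl/fields). Names such as
# Auth.Repo, Auth.Accounts.Person and the email_hash column are assumptions.
defmodule Auth.Repo.Migrations.EncryptPeopleEmail do
  use Ecto.Migration

  def up do
    # Equality on ciphertext is meaningless, so the generator's unique index
    # on the plaintext column has to move to the hash column added below.
    drop_if_exists unique_index(:people, [:email])

    # Postgres will not cast text -> bytea implicitly (ERROR 42804). The USING
    # clause only reinterprets the existing bytes; it does NOT encrypt them,
    # so run this on an empty table (a fresh phx.gen.auth app) or follow it
    # with a data migration that re-writes every row through the schema.
    execute "ALTER TABLE people ALTER COLUMN email TYPE bytea USING email::bytea"
    execute "ALTER TABLE people_tokens ALTER COLUMN sent_to TYPE bytea USING sent_to::bytea"

    alter table(:people) do
      add :email_hash, :binary
    end

    create unique_index(:people, [:email_hash])
  end

  def down do
    drop_if_exists unique_index(:people, [:email_hash])

    alter table(:people) do
      remove :email_hash
    end

    # Assumes the generator's original column types (citext for email under
    # Postgres, varchar for sent_to); adjust if your migration differs. Only
    # meaningful for rows that were written before the encryption change.
    execute "ALTER TABLE people ALTER COLUMN email TYPE citext USING convert_from(email, 'UTF8')"
    execute "ALTER TABLE people_tokens ALTER COLUMN sent_to TYPE varchar(255) USING convert_from(sent_to, 'UTF8')"

    create unique_index(:people, [:email])
  end
end

defmodule Auth.Accounts.Person do
  use Ecto.Schema
  import Ecto.Changeset

  schema "people" do
    # Encrypted at rest (bytea). A fresh IV per write means two rows holding
    # the same address do not share a ciphertext, so never compare on it.
    field :email, Fields.EmailEncrypted
    # Deterministic SHA-256 of the address; used for lookups and the
    # uniqueness constraint, never shown to anyone.
    field :email_hash, Fields.EmailHash
    field :password, :string, virtual: true, redact: true
    field :hashed_password, :string, redact: true
    timestamps()
  end

  def registration_changeset(person, attrs) do
    person
    |> cast(attrs, [:email, :password])
    |> validate_required([:email, :password])
    |> put_email_hash()
    |> unique_constraint(:email_hash)
  end

  # Derive email_hash from the already-cast email so the two columns can
  # never disagree; cast/3 runs Fields.EmailHash.cast/1 on the value.
  defp put_email_hash(changeset) do
    case get_change(changeset, :email) do
      nil -> changeset
      email -> cast(changeset, %{email_hash: email}, [:email_hash])
    end
  end
end

defmodule Auth.Accounts do
  alias Auth.Repo
  alias Auth.Accounts.Person

  # Replacement for the generated get_user_by_email/1: Ecto casts and dumps
  # the parameter through Fields.EmailHash, so the comparison happens on the
  # hash column rather than on the ciphertext.
  def get_person_by_email(email) when is_binary(email) do
    Repo.get_by(Person, email_hash: email)
  end
end
```

The same type change and schema edit apply to `people_tokens.sent_to` (`field :sent_to, Fields.EmailEncrypted`), and any other generated function that filters on `email` equality needs the `email_hash` treatment rather than a comparison on the encrypted column. Run the `up` migration only against an empty table unless you add a data step that re-encrypts existing rows: `USING email::bytea` leaves the old plaintext bytes in place, which `Fields.EmailEncrypted` cannot decrypt on load.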

nelsonic commented 1 year ago

Following the changes made in: https://github.com/dwyl/auth/pull/231/commits/2bbba99c7057f0d2943dd8327be52ccf1a1bd58c

If we now run a query to view the data in the people table:

SELECT id, email, inserted_at FROM people;

We see that the email is now a binary blob.

Registration and login still work as expected.

But now the personal data captured in registration is stored encrypted at rest the way it should be. 🔐

nelsonic commented 1 year ago

captured in: https://dwyl.github.io/book/auth/09-encrypt-data.html