Open crankedguy opened 1 year ago
One problem with encrypting user first/last name and email, is that partial search is not possible with encryption. E.g. searching for all users by an email domain would no longer be possible, and that's a very common use case for search. But since partial name searches aren't that common, we could work around this by creating a new column, e.g. users.email_domain, which could be used when searching on partial email, and encrypt that as well.
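An added example (not from the thread or the project) of the email_domain workaround described above, in plain Ruby with OpenSSL rather than Rails' own encryption API: the email gets a random IV, while the domain gets an IV derived from its plaintext so equality lookups still match. The keys, helper names and sample users are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Constructed demo keys; a real deployment loads these from a secrets store.
EMAIL_KEY  = OpenSSL::Random.random_bytes(32)
DOMAIN_KEY = OpenSSL::Random.random_bytes(32)
IV_KEY     = OpenSSL::Random.random_bytes(32)

# AES-256-GCM; returns base64(iv + tag + ciphertext).
def seal(key, plaintext, iv)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  cipher.iv = iv
  ct = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ct)
end

def unseal(key, blob)
  raw = Base64.strict_decode64(blob)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  (cipher.update(raw[28..-1]) + cipher.final).force_encoding("UTF-8")
end

# Random IV: equal emails give different ciphertexts, so SQL cannot match them.
def encrypt_email(email)
  seal(EMAIL_KEY, email, OpenSSL::Random.random_bytes(12))
end

# IV derived from the plaintext: equal domains give equal ciphertexts.
def encrypt_domain(domain)
  normalized = domain.strip.downcase # Example.COM and example.com must match
  iv = OpenSSL::HMAC.digest("SHA256", IV_KEY, normalized)[0, 12]
  seal(DOMAIN_KEY, normalized, iv)
end

def build_row(email)
  { email: encrypt_email(email), email_domain: encrypt_domain(email.split("@", 2).last) }
end

# Constructed sample rows standing in for the users table.
USERS = ["ann@example.com", "bob@Example.com", "cy@other.test"].map { |e| build_row(e) }

# Stand-in for: SELECT email FROM users WHERE email_domain = <encrypted query>
def emails_for_domain(domain)
  needle = encrypt_domain(domain)
  USERS.select { |row| row[:email_domain] == needle }.map { |row| unseal(EMAIL_KEY, row[:email]) }
end
```

The deterministic column reveals which rows share a domain to anyone who can read the table, which is the price of keeping the lookup.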
Oh ok, I am not that deep into Rails as I told you and I just had a look into the docs and saw that the data is just normally retrievable, but I didn't see this with the partial search. That sounds nice, because in that way you get your partial search back, as a full search. I am just thinking if I am happy with that solution myself then because actually I use the database a lot right now :D :D That would get lost then. But in the end it's about the customers of course and I just use an API call.
Hi, as already sketched out on Discord it would be a nice addition to have the user data actually encrypted-at-work. This should be doable with pretty small investment actually and it has the great benefit that customers are always at ease of mind if you can tell them that their data is double and triple safe. Especially European customers love to hear that. And an additional layer of security is never bad if it doesn't do any harm performance-wise or is only doable with unjustifiable expenses.
What do you think Zeke?