Encrypting a Field that is used for searching

[icoso]

Thanks miasoft, I don't think making a temporary table will work. There will be 1000's of records in this table and up to about 10 people using this at the same time. Having the SSN's in an unencrypted format in the online database is not an option.
I need to know how to change the search criteria and for that to changed search criteria to be used to actually search. As of right now its not. I can change the search criteria after entering it, but it somehow reverts back to its original entry right before the search occurs. Anyone else have a solution?

[icoso]

Are you using the latest nuBuilder v4.5 git master? The BeforeSave function code was updated to allow changes to the form data before saving to the database. In a similar manner, the search value can be encrypted / encoded before being sent for processing. The session variable that makes the search value persist across pages (and ajax requests) would need to be changed in the client side itself before a transmission to the server - php or ajax.

That is my question! How do I do that? "The session variable that makes the search value persist across pages (and ajax requests) would need to be changed in the client side itself before a transmission to the server" The code that kev1n provided does not work and it causes a syntax error.

ANyway I try to change the search value before it searches doesn't work. That's what my post is about.

[miasoft]

Having the SSN's in an unencrypted format in the online database is not an option.

...A temporary table is only available and accessible to the client that creates it. Different clients can create temporary tables with the same name without causing errors because only the client that creates the temporary table can see it. However, in the same session, two temporary tables cannot share the same name....

There will be 1000's of records up to about 10 people

A temporary table will have two short fields for each record. Total size 10-20Mb is problem?

[icoso]

Not the problem, its the functionality of it. Why have a database online all daylong that contains unencrypted SSNs in it? That's not what Im looking for. Im needing to know how to change the search value before it searches and it doesn't work. That's what my post is about.

[apmuthu]

The Wiki has a new Search page that possibly addresses this issue.

[kev1n]

I think it's best to add a separate search button to search for an encrypted string (SSN).
In this way, searching for unencrypted values will still work as usual

In the form's Custom Code:

Code: Select all

function nuOnSearchAction() {
    
    window.originalSearchString = undefined;
    return true;
    
}

function searchSSN() {
   
       // Store the Search String in a Hash Cookie nuSearchField
       nuSetProperty('nuSearchField', $('#nuSearchField').val());

       // Run the PHP Procedure searchSSN
       nuRunPHPHidden("searchSSN",0);
       
}

if(nuFormType() == 'browse'){

       // Add an additional button "Search SSN" next to the other action buttons
       if (window.originalSearchString !== undefined) {
            $('#nuSearchField').val(window.originalSearchString);
       }
       
       nuAddActionButton('nuRunPHPHidden', 'Search SSN', 'searchSSN();');
       
}

PHP Procedure with

Code: searchSSN

Code: Select all

function encryptString($text) {
   
   
   // Use any encryption algorithm and return the encrypted string
   // For demonstration purposes, add 123 to the search string
   $text = $text. '123';
   
   return $text;
}


$e = encryptString("#nuSearchField#");

$js = 

" 
  window.originalSearchString = '#nuSearchField#';
  nuForm(nuGetProperty('form_id'),'' , '', '$e', '1'); 

";

nuJavascriptCallback($js);

[icoso]

Thanks! I'll try that and let you know how it goes.

[icoso]

kev1n,

I was able to encrypt what was entered in the search screen and retrieve the record for that SSN. However what I entered in the Search field changed to the encrypted string.

Is there any way to make it the original entered string after the search? This is so the user doesn't get confused as to what they entered.

Can you explain what this does: window.originalSearchString = undefined; What is "originalSearchString" How does it affect the search screen?

Also, In the list of records that were retrieved, IS there any way to change what is displayed there for the SSNs? It is currently displaying the encrypted string and not the SSN from the database.

How can I display the unencrypted SSN field there? What functions and/or code section can I use to unencrypt the SSN when it's displayed?

I understand that nuJavascriptCallback($js); runs the Javascript in $js AFTER the encryptString("#nuSearchField#"); function is run. The nuJavascriptCallback($js) runs the "nuForm(nuGetProperty('form_id'),'' , '', '$e', '1'); " function which opens the form and uses the encrypted string as the search string. However, since the form opens up after the search occurs, should this (window.originalSearchString = '#nuSearchField#'; ) be done AFTER the nuForm function to set the search field back to what I entered originally?

This statement window.originalSearchString = '#nuSearchField#'; doesn't seem to be doing anything, whether I put it before or after the nuForm function.

Should I be using the DOM element to set that field back to the original search text? Such as: document.getElementById('nuSearchField').value = '#nuSearchField#';

[kev1n]

Is there any way to make it the original entered string after the search? This is so the user doesn't get confused as to what they entered.

In my example the original search string is shown again in the search field. Can you show both your Custom Code + PHP procedure code?

Can you explain what this does: window.originalSearchString = undefined; What is "originalSearchString" How does it affect the search screen?

originalSearchString is the unencrypted search string.

Also, In the list of records that were retrieved, IS there any way to change what is displayed there for the SSNs? It is currently displaying the encrypted string and not the SSN from the database.
How can I display the unencrypted SSN field there? What functions and/or code section can I use to unencrypt the SSN when it's displayed?

I'll have to think about what the best option is there.

[icoso]

Here is my Custom Code:

Code: Select all

if (nuFormType() == 'browse') {
   $('#nuSearchField').on('change keydown paste input propertychange click keyup blur', function() {
       nuSetProperty('SEARCH_FIELD', this.value );   
  })
  nuAddActionButton('encrpytSearch', 'Search SSN Encrypted','searchSSN();');
}

function nuOnSearchAction() {
    window.originalSearchString = undefined;
    return true;
}

function searchSSN() {
   
       // Store the Search String in a Hash Cookie nuSearchField
       nuSetProperty('nuSearchField', $('#nuSearchField').val());

// I just put this here for testing to see If I could somehow see what it is after the nuRunPhpHidden
       nuSetProperty('nuOrgSearchField', $('#nuSearchField').val());  

       // Run the PHP Procedure searchSSN
       nuRunPHPHidden("srchEncSSN",0);
//       alert($('#nuOrgSearchField'));
}

Here is my PHP Procedure:

Code: Select all

function encryptSSN($Str1) {
//remove dashes
   $newStr="";
   for ($l=0; $l<strlen($Str1); $l++) {
      $decnum = ord(substr($Str1,$l,1));
      if ($decnum > 47 && $decnum < 58) {
        $newStr=$newStr.chr($decnum); 
      }
   }

// the routein does some other things here to further encryt the data....

return $newStr;
}  // ***** End Function *****

$e = encryptSSN("#nuSearchField#");
$js =
"
  nuForm(nuGetProperty('form_id'),'' , '', '$e', '1');
// I tried both of these below.  Neither set the Search field to what I originally entered.  It changed it to the encrypted string...
  window.nuSearchField = '#nuSearchField#';
// document.getElementById('nuSearchField').value = '#nuSearchField#';

";
nuJavascriptCallback($js);

Here is a pic of the search screen1:

CustomerSSNSearch.png

After entering the ssn (can be entered with or without dahses):

CustomerSSNSearch2.png

Result after search:

CustomerSSNSearch3.png

As you can see the search field gets replaced with the encrypted data not what I typed.

Additionally, When I unencrypt( which i have done in the BE code, I cant figure out how to set the form SSN form Field. I tried using the nuSetNuDataValue($nudata, '', 'cust_prissn', $SSN); after setting the $SSN variable, but that doesn't work. Any suggestions on how to set the actual form field on the screen to be the $SSN variable?