Database encryption for sensitive fields

Math · May 23, 2022, 9:27pm

Is there a feature in ServiceStack that allows to encrypt/decrypt certain field with an attribute on a property for example?

public class Account
{
[Encrypt]
public string? Password { get; set; }
}

I have a service with a mysql database and I will have to implement this on certain field and I’d like to use the new Locode frontend to allow employees to edit those encrypted field so I was wondering if that’s a scenario (encryption) that is supported somewhere I can’t seem to find it if that’s the case.

thanks.

mythz · May 23, 2022, 9:46pm

There’s no existing feature to encrypt a single property, Encrypted Messaging Feature encrypts the full Request/Response DTOs:

https://docs.servicestack.net/encrypted-messaging

The implementation for the feature & client can be found on the links at the bottom of the docs should you want to implement a similar feature.

Math · May 24, 2022, 1:30pm

I think there is a place to vote for new features?

I’d like to enter this one and another one (rate limiting).

Thanks!

mythz · May 24, 2022, 1:36pm

Best place to submit features is in GitHub Discussions on https://servicestack.net/ideas

As for rate limiting, this project should be a good existing code base to start from:

This is another post on how rate limiting can be implemented:
http://www.corytaylor.ca/api-throttling-with-servicestack/

kev_rm · June 2, 2022, 3:31am

typically you are going to use wire encryption on the update (so a post or put via https) and then the service implementation will encrypt it for at rest storage.

on another note, if you are implementing bespoke services related to passwords… you’re probably doing it wrong.