Typeorm filter columns that have been transformed

Question

Typeorm filter columns that have been transformed

Asked 2 years, 10 months ago

Viewed 17 times

0

I used the typeorm-Encrypted, to encrypt columns containing sensitive application data via the parameter Transformer as shown below:

    @PrimaryColumn()
    protocolo: number;

    @Column({
        nullable: false,
        transformer: CryptoTransformer,
    })
    nome: string;

    @Column({
        name: 'titular_nome',
        nullable: false,
        transformer: CryptoTransformer,
    })
    titularNome: string;

Content of Cryptotransformer:

import { EncryptionTransformer } from "typeorm-encrypted";
import dotenv from 'dotenv';

dotenv.config();

export default new EncryptionTransformer({
    key: `${process.env.DB_KEY}`,
    algorithm: 'aes-256-cbc',
    ivLength: 16,
    iv: `${process.env.DB_IV}`,
});

I would like to apply filters to these columns, and I’m trying to do this using the method Repository.createQueryBuilder() of Typeorm, as shown below:

const builder = repository.createQueryBuilder('em');
const nomeTeste = "maria";

builder.andWhere('LOWER(em.nome) LIKE LOWER(:nome) OR LOWER(em.titularNome) LIKE LOWER(:nome)', { nome: `%${nomeTeste}%` });

However, although there are records in the database that meet the query filters, nothing is returned, because the database value is encrypted and there is no "maria" substring in the encrypted columns.

I thought about encrypting the filters before performing the query, but I don’t think this is the smartest solution, besides probably filters that use the "LIKE" operator wouldn’t work to compare encrypted values.

Could you help me find a solution to apply filters to these cryptographic columns?

'Cause you’re using encryption?

– novic

2021/08/09 at 03:29
@novic, these are client requirements, I imagine it’s something to do with LGPD. If any unforeseen event occurs and the database leaks or third parties gain access to it, the company has an "extra point" in its defense with this data encryption, claiming that it was not negligent in this matter of protection, performing what was at the reach of the same.

– César Cardoso

2021/08/09 at 18:14
Can you do the reverse? type of encryption for what it really means?

– novic

2021/08/10 at 00:11
Yes, this is done automatically by Transformer, using the "from" method. When performing Repository.find(), for example, a list of the decrypted data is obtained. It made me think of, maybe, always getting all the bank records, through this method, and performing one. JS filter in the array applying user filters. Would the performance be greatly affected in this case ?

– César Cardoso

2021/08/10 at 14:13
Don’t do it ... this is a serious mistake and can make your application very slow!

– novic

2021/08/10 at 15:50

No answers

Browser other questions tagged typescript select cryptography typeorm transform

You are not signed in. Login or sign up in order to post.