This website uses cookies for visitor traffic analysis. By using the website, you agree with storing the cookies on your computer.More information

Client-side encoding of records

We've just shipped an absolutely fantastic new feature that many of you will love. Starting now, you can store values fully encrypted in your backend/database - transparently, securely, and without ever exposing plaintext on the server. All you need is a client-side token that lives exclusively in secure storage on the device. The backend and the database only ever see encrypted bytes. When the data is read, it's automatically decrypted on the client. In other words: your app never has to persist unencrypted data again.

This is a highly specialized capability, but incredibly powerful. If you're building something like a password manager that syncs credentials across devices, this feature is a game-changer. Passwords never appear in plaintext on the server - even if someone were to gain direct database access due to a security flaw, they'd only see encrypted blobs.

How does it work?

You simply mark the columns you want encrypted:

book.getRowDefinition().addColumnDefinition(
  new ColumnDefinition("PASSWORD", new EncodedBinaryDataType())
);

The corresponding database column must use a binary data type (not text).
That's literally all the setup required.

When the user opens the screen in your app, they'll be prompted for a token. This token is stored securely on the device, never displayed, and used solely for encryption and decryption. Each application can use its own token. You can also delete the token to force re-entry whenever needed.

How it looks like?

Enter token

Enter token

Delete token

Delete token

Leave a Reply

Spam protection by WP Captcha-Free