Hi! One cool plugin i came across recently - jasypt-encryption plugin. Using it you can easily implement automati
c encryption and decryption of fields to your database. This will protect data in your database. But not in your application, because in your app the data is unencrypted, it is encrypted only in the DB.
First of all, check this repository for a wiki and some code examples: https://github.com/dtanner/grails-jasypt
Installation is very easy:
1)In BuildConfig.groovy (for hibernate4 you need jasypt 1.3.1, for hibernate 3 you need jasypt 1.2.1):
plugins {
compile ":jasypt-encryption:1.3.1"
runtime ":hibernate4:4.3.5.5"
}
2)in Config.groovy:
jasypt {
algorithm = "PBEWITHSHA256AND256BITAES-CBC-BC"
providerName = "BC"
password = "test"
keyObtentionIterations = 1000
}
3)And in the domain object you will use encryption, add import and mapping:
import com.bloomhealthco.jasypt.GormEncryptedStringType
String password
static mapping = {
password type: GormEncryptedStringType
}
Not when the user is persisted, the password field is automatically encrypted, and decrypted when fetched from DB.
So, this is a way to add some security to your database. But if you need encryption for, example, protecting passwords, then you better not use jasypt, but use spring security.
Jasypt encrypts and persists data, and when you fetch data from the DB it is automatically decrypted, so, for example, in an authentication algorithm you compare unencrypted passwords, and the password fetched from DB exists in an unencrypted state in your application.
While with spring security plugin the encryption is one-way: the password is encrypted and persisted, and when user logins, the password is encrypted, and the encrypted string is compared to the persisted one from earlier.