Fallback values and mark attributes on tables as sensitive/personal data - Mendix Forum



This request is made of 2 parts:

Part 1:

I wish to mark attributes on tables as sensitive/personal data and store them as encrypted data based on an environment KEY. So the idea is that this data will be stored as encrypted data, which is only decryptable on the environment it was created on and therefore only usable on that environment. This will enable exporting databases from one environment to a local machine or test environment, without introducing privacy risks or unwanted communications happening to real customers. Updating the key on an environment should either come with a warning, as it possibly will break older backups, or it should automatically re-encrypt the values in those backup files and on the current running version.

For file documents / images I would like to replace the contents with a super small file on export.

As for offline native experience, as the data is being synced to the device of the user, I guess at that point the data should be stored decrypted on the device for usage purposes.

Part 2:

As a Mendix developer I would like to be able to set fallback values for these encrypted attributes (and possibly all attributes) in my domain model. I guess this could work similar to “constants” you can overwrite in project database settings and that you can point to from your domain model. What would be ideal is if there was a widget in which you could alter these fallback values in real time from the front-end when their referred encrypted attributes are encountered without being able to be decrypted. The widget should be only available on non-production environments. I personally envision this to be some tree table structure where you’re able to collapse / expand Modules > Entities > Attributes + their fallback values.


Argumentation for this request:

  1. Privacy concerns: not being able to view client data on a local machine or on an environment it wasn’t created on. Laptops get lost / stolen occasionally; if you’ve got database copies on there, this is a risk. But even laptops exchanging hands between old and new employees. And in reality, as developers, there is no reason for us to be able to look into a table full of customer data from our clients while debugging.
  2. Testing scenarios that occur on production without worrying about using the personal data from customers on that production environment. It would be nice if for these attributes there could be a “fallback value” set, so for instance when I’m developing locally maybe I would like all e-mails to be sent to my personal e-mail, etc. Or even when I’m just testing a new microflow and not all data is available, as perhaps an API is unavailable, I’m able to set fallback values into the response entity of that API and still continue my testing.
0 answers
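
A sketch of the scheme requested above, added here as an example and not part of the original post or of the Mendix platform: attribute values are sealed with a per-environment key, a read on another environment returns the configured fallback, and a key change re-encrypts stored values. The function names, the attribute path `CRM.Customer/Email`, the fallback map and the rule that production raises an error instead of substituting a fallback are all assumptions.

```javascript
// Added illustration, not Mendix platform code. All names are hypothetical.
const crypto = require('node:crypto');

// Encrypt one attribute value with the environment key (AES-256-GCM).
// attrPath (e.g. "CRM.Customer/Email") is bound as associated data, so a
// ciphertext copied into a different column fails authentication.
function encryptAttribute(envKey, attrPath, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const cipher = crypto.createCipheriv('aes-256-gcm', envKey, iv);
  cipher.setAAD(Buffer.from(attrPath, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext, or throws if the key, column or ciphertext is wrong.
function decryptAttribute(envKey, attrPath, stored) {
  const raw = Buffer.from(stored, 'base64'); // layout: iv(12) | tag(16) | ct
  if (raw.length < 28) throw new Error('stored value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', envKey, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(attrPath, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Read path: where the value cannot be decrypted, return the configured
// fallback. Assumption: production never substitutes, it raises the error.
function readAttribute(env, attrPath, stored, fallbacks) {
  try {
    return decryptAttribute(env.key, attrPath, stored);
  } catch (err) {
    if (env.isProduction || !(attrPath in fallbacks)) throw err;
    return fallbacks[attrPath];
  }
}

// Key rotation: stored values must be re-encrypted or they become unreadable.
function rotateValue(oldKey, newKey, attrPath, stored) {
  return encryptAttribute(newKey, attrPath, decryptAttribute(oldKey, attrPath, stored));
}

// Constructed sample data: two environments, one fallback, one stored row.
const prod = { key: crypto.randomBytes(32), isProduction: true };
const local = { key: crypto.randomBytes(32), isProduction: false };
const fallbacks = { 'CRM.Customer/Email': 'dev@example.test' };
const row = encryptAttribute(prod.key, 'CRM.Customer/Email', 'jane@customer.example');

console.log(readAttribute(prod, 'CRM.Customer/Email', row, fallbacks));
console.log(readAttribute(local, 'CRM.Customer/Email', row, fallbacks));
```

The protection holds only as long as the environment key is kept out of the exported database and its backups.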