Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
We also have a homepage and documentation for you to check out.
Krptn
pip install krptn
What problem do we solve?
We all love Django and other web frameworks! However, their primary focus is creating websites - not implementing secure storage for user data. Django makes it easy to store data. While it hashes the password, it does not encrypt user data for you. In case of a data breach, malicious actors could access any data from the DB. Encryption is left to the developer...
Wouldn't it be nice if encryption would also be handled? Perhaps it could be handled in a way that keys are derived from credentials, such that, without the user entering credentials, not even the database administrator can read it?! This is exactly what we do!
We also handle user authentication, including MFA, and passwordless authentication.
Krptn also runs in the same server instance as your web app. So you don't have to host anything new. Just install the extension for Python.
To prove that such is possible, we have a Flask and Django example on GitHub.
What do we do exactly?
We are building a user authentication and access management system (IAM) with data encryption at rest derived from credentials. It is available as a python extension module. However we have certain limitations.
How we achieve this?
- All data is encrypted (any data can be requested by the developer to be secured)
- Only the appropriate users' credentials can unlock the cryptosystem (this protects you from server-side attacks)
This gives you security from encryption without ever needing to even notice it! It protects you from server side attacks.
Here is an example usage:
from krypton.auth.users import userModel
model = userModel.standardUser(None)
model.saveNewUser("Test_UserName", "Test_Password")
model.data.email = "test@example.com" # The email will be encrypted, and securely stored
Try it out
Quickly install the package with pip for Python>3.9:
pip install krptn
Have a look at our User Authentication documentation, and create some users.
Ready to integrate it into your WebApp? Have a look at some of our integration's available with Django and Flask!
FAQs
IAM and data encryption at rest
We found that krptn demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025