Open
Description
While testing the encryption module, we have realized the proxy do not offer support for protected numerical attributes (say "integer" or "serial" types on postgres).
This bug can be noticed when inserting data on protected fields. For example:
- Define a policy specifying that a numerical attribute will be protected.
- Create the table with the numerical attribute as type "integer" or "serial". This query will not fail and create the table on the remote cloud server as the same declared type.
- When inserting data into the table, the query will fail with a "format error", since the proxy will try to insert strings rather than integers into the cloud server.
We have analyzed this bug, considering the following points:
- The proxy "clones" the table creation query in the cloud server, modifying the attribute names for the protected ones (by calling the head function) and retaining the attribute types declared by the user.
- The Data Operations API receives the content to protect as strings and returns them in the same format.
- The proxy module converts the received data into strings before passing them to the protection module.
- Once the protection module has protected the data, the proxy will try to insert the protected strings into the cloud server.
- If the original type of the protected data is not string, the insertion will fail due the mismatch of the types.
We believe this bug must be repaired at proxy level, changing the format of the protected attributes (from whatever to string) and changing it back when getting the protected data. To this end, the proxy cloud add a "_integer" (for example) suffix to the attribute type in order to correctly identify the original attribute type of the unprotected data.