what s the best approach for encrypted comparison I need to NetSuite Professionals #suitescript

what's the best approach for encrypted comparison?...

jeffmillies

11/20/2020, 5:45 PM

what's the best approach for encrypted comparison? I need to store sensitive information and also store it in an association table. The use case is an account number would be associated to a customer, many different account numbers would be possibly associated to the same customer. I would like to do a lookup either of the raw account number to the association table or encrypted lookup to the association table to see if it exists or not. I'm not familiar if this should be a password field or just a plain text and do the encryption myself. Anyone done something like this before? I know the "encryption" check box on a field doesn't let you search it in suitescript

battk

11/20/2020, 5:55 PM

depends on what you want out of your encryption

battk

11/20/2020, 5:56 PM

if you want nobody to know what the account numbers are, but be able to see see if it matches a value (like a password) then you can treat it as a password and hash it

battk

11/20/2020, 5:56 PM

ignore the netsuite definitions of passwords and lookup how you are actually supposed to hash passwords

jeffmillies

11/20/2020, 6:15 PM

that's what I was thinking I would have to do, but wasnt sure if there was more of a netsuite native way to do it

battk

11/20/2020, 6:17 PM

the native netsuite way relies on the password field, with the deprecated nlapiEncrypt using the 'sha1' encryption type to generate your hash

battk

11/20/2020, 6:22 PM

you can probably use a hmac from N/crypto if your account numbers are lesser than actual passwords

battk

11/20/2020, 6:23 PM

you lose out on things required to protect passwords like the same password having a different hash

jeffmillies

11/20/2020, 6:59 PM

got it, thanks for the info @battk

2 Views

Open in Slack

Previous Next