…and a digital brain freeze.

6 IT Decisions for Non-IT Management

Filed under: Boring Stuff — Bryan on Nov 4th, 2009 @ 6:18 pm
  1. The first consideration is: is the level of spending tied to the overall strategy? Given that returns on IT investments are uncertain, the spending should be treated like any other business investment and the same prudence should be exercised. While industry benchmarks can be a useful indicator, they should not be the spending target.
  2. The second consideration is: is the money focused on essential, benefit producing programs? While it may be tempting to streamline all business processes, it is foolish to equally distribute investments among business processes that will benefit unevenly. However, a careful balance must be struck to avoid any bottlenecks.
  3. The third consideration is: at what scope will the business benefit from IT centralization? Another tempting move may be to provide company-wide IT integration, or centralization, regardless of the cost. This may appear to be an excellent way to provide cost savings (by buying in bulk), but the added benefit of centralization may be entirely mitigated by the added costs.
  4. The fourth consideration is: does the business need a premier, top-of-the-line system to operate efficiently? If left to IT management, the added cost/benefit ratio may be clearly defined in raw technology terms, but the benefit as perceived by IT management may not translate to overall benefits to the business.
  5. The fifth consideration is: at what point does the marginal cost of more hassle cross the marginal benefit of more security? In other words, by increasing IT security, are you inadvertently creating insurmountable obstacles for non-IT employees? Research suggests that the weakest link in most security chains is the human element, and the human element is best handled through proper training, not extravagant (and costly) firewalls and encryption.
  6. The sixth and final consideration is: place blame on the management of the IT implementation, not on the IT systems. Most IT systems are built to exact specifications, and many are industry-wide solutions adopted elsewhere. When the expected benefits don’t materialize, look for the problem in the decision chain that approved inappropriate systems, not in the IT system itself.

Six IT Decisions Your IT People Shouldn’t Make – March 3, 2009 – Jeanne W. Ross and Peter Weill

Django Encryption – An Updated How-To

Filed under: Boring Stuff — Bryan on Oct 16th, 2009 @ 12:56 am

I love Django, and I love Django Snippets, but I’ve noticed some snippets are out of date, most notably for me, Django snippet 1095 or Django Encryption. Unfortunately, some folks are hitting a few snags on TypeError: “Non-hexadecimal digit found”.

Luckily, it seems that Django-Fields have solved this problem for us! Here is my (their) technique!

Make a file named encryption.py to go into the same folder as your settings.py containing:

import binascii
import random
import string
 
from django import forms
from django.db import models
from django.conf import settings
 
class BaseEncryptedField(models.Field):
    '''This code is based on the djangosnippet #1095
    You can find the original at http://www.djangosnippets.org/snippets/1095/'''
 
    def __init__(self, *args, **kwargs):
        cipher = kwargs.pop('cipher', 'AES')
        imp = __import__('Crypto.Cipher', globals(), locals(), [cipher], -1)
        # PyCrypto's AES.new(key) with no mode argument uses ECB mode, and the
        # key slice must be a valid AES key length (16, 24 or 32 bytes) or
        # AES.new raises ValueError; Django's generated SECRET_KEY is 50 chars.
        self.cipher = getattr(imp, cipher).new(settings.SECRET_KEY[:32])
        # Stored values are marked '$AES$<hex>' so to_python can tell
        # ciphertext apart from a plain value that was never encrypted.
        self.prefix = '$%s$' % cipher
 
        # Round max_length up to whole cipher blocks, double it for the hex
        # encoding, and leave room for the prefix.
        max_length = kwargs.get('max_length', 40)
        mod = max_length % self.cipher.block_size
        if mod > 0:
            max_length += self.cipher.block_size - mod
        kwargs['max_length'] = max_length * 2 + len(self.prefix)
 
        models.Field.__init__(self, *args, **kwargs)
 
    def _is_encrypted(self, value):
        return isinstance(value, basestring) and value.startswith(self.prefix)
 
    def _get_padding(self, value):
        # Number of bytes needed to reach the next block boundary.
        mod = len(value) % self.cipher.block_size
        if mod > 0:
            return self.cipher.block_size - mod
        return 0
 
    def to_python(self, value):
        # Only prefixed values are hex-decoded; a plain value is returned as-is,
        # which is what avoids the "Non-hexadecimal digit found" TypeError.
        # Padding starts with a NUL, so the first NUL marks the end of the real
        # plaintext; a plaintext that itself contains '\0' is truncated here.
        if self._is_encrypted(value):
            return self.cipher.decrypt(binascii.a2b_hex(value[len(self.prefix):])).split('\0')[0]
        return value
 
    def get_db_prep_value(self, value):
        # Encrypt only once: a value that already carries the prefix is kept.
        if value is not None and not self._is_encrypted(value):
            padding = self._get_padding(value)
            if padding > 0:
                # NUL separator followed by random printable filler.
                value += "\0" + ''.join([random.choice(string.printable) for index in range(padding-1)])
            value = self.prefix + binascii.b2a_hex(self.cipher.encrypt(value))
        return value
 
class EncryptedTextField(BaseEncryptedField):
    __metaclass__ = models.SubfieldBase
 
    def get_internal_type(self):
        return 'TextField'
 
    def formfield(self, **kwargs):
        defaults = {'widget': forms.Textarea}
        defaults.update(kwargs)
        return super(EncryptedTextField, self).formfield(**defaults)
 
class EncryptedCharField(BaseEncryptedField):
    __metaclass__ = models.SubfieldBase
 
    def get_internal_type(self):
        return "CharField"
 
    def formfield(self, **kwargs):
        defaults = {'max_length': self.max_length}
        defaults.update(kwargs)
        return super(EncryptedCharField, self).formfield(**defaults)

And then in your models.py:

from encryption import EncryptedCharField
...
class Example(models.Model):
    secret = EncryptedCharField(max_length=255)
 
    class Meta:
        ordering = ('secret',)
 
    def __unicode__(self):
        return self.secret

This should be pretty explanatory! Have fun!

PS: You need PyCrypto! Google much?
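The storage scheme above, as an added example that is not part of the original post or of django-fields: it re-implements the prefix, NUL padding and column-width logic in Python 3, with a toy block cipher standing in for PyCrypto's AES (an assumption, so the block runs without PyCrypto). Two behaviours worth knowing about as a defender fall out of it: a plaintext containing '\0' comes back truncated, and because each block is transformed independently (as AES.new(key) does in PyCrypto's default ECB mode), values that share their first 16 bytes share the start of their stored ciphertext.

```python
import binascii
import hashlib
import secrets
import string

PREFIX = "$AES$"   # the page's marker, '$%s$' % cipher
BLOCK_SIZE = 16    # AES block size in bytes

class ToyBlockCipher:
    """Stand-in for PyCrypto's AES object (assumption: NOT real AES).
    Each 16-byte block is masked independently, mirroring the ECB behaviour
    of AES.new(key) closely enough to exercise the page's padding and
    prefix logic without PyCrypto installed."""
    block_size = BLOCK_SIZE

    def __init__(self, key):
        self._mask = hashlib.sha256(key).digest()[:BLOCK_SIZE]

    def encrypt(self, data):
        assert len(data) % BLOCK_SIZE == 0, "input must be block aligned"
        blocks = len(data) // BLOCK_SIZE
        return bytes(b ^ m for b, m in zip(data, self._mask * blocks))

    decrypt = encrypt  # XOR with the same mask is its own inverse

def storage_max_length(max_length, block_size=BLOCK_SIZE, prefix=PREFIX):
    """Column width the field's __init__ reserves: blocks, then hex, then prefix."""
    mod = max_length % block_size
    if mod:
        max_length += block_size - mod
    return max_length * 2 + len(prefix)

def encrypt_value(cipher, value):
    """get_db_prep_value: NUL + random printable filler up to a block, then hex."""
    data = value.encode("utf-8")
    padding = -len(data) % cipher.block_size  # same as _get_padding
    if padding:
        filler = "".join(secrets.choice(string.printable) for _ in range(padding - 1))
        data += b"\0" + filler.encode("ascii")
    return PREFIX + binascii.b2a_hex(cipher.encrypt(data)).decode("ascii")

def decrypt_value(cipher, stored):
    """to_python: decrypt only prefixed values; anything else is returned as-is,
    which is what avoids a2b_hex's 'Non-hexadecimal digit found' on plain data."""
    if not (isinstance(stored, str) and stored.startswith(PREFIX)):
        return stored
    raw = cipher.decrypt(binascii.a2b_hex(stored[len(PREFIX):]))
    return raw.split(b"\0")[0].decode("utf-8")  # truncates at the first NUL
```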

All articles are licensed under a Attribution-Noncommercial-Share Alike 3.0 Unported License. All files/themes are released under the GPL License where applicable. © 2010 Bryan Helmig Hosted on Webfaction.