Forum: Ruby Secure data storage

Stian H. (Guest)
on 2006-04-03 21:14
Greetings,

I am currently planning to write a diary type application using Ruby and
FXruby, and I am therefore looking for a secure way of storing data.
Using plain text files is of course out of the question, but I was
thinking of using SQLite, could that be secure enough? The idea is that
I don't want people to be able to simply view a user's diary entries by
opening a file (preferably, the data should be secured with a password
(and username) defined by the owner).

I am fairly experienced with databases and programming, but rather new
to Ruby and having to think about the fact that other people might be
using my program and therefore unknown people might have direct access to
the computer.

Thanks for any answers, tips and suggestions :)

Best regards,
Stian H.
Michael G. (Guest)
on 2006-04-03 22:07
(Received via mailing list)
I would consider simply building an 'encrypt' method that you call
before saving, and a 'decrypt' to be called while loading.

You can then call these no matter what storage medium you decide to use.
Daniel S. (Guest)
on 2006-04-04 00:10
(Received via mailing list)
Stian H. wrote:
> I am currently planning to write a diary type application using Ruby and
> FXruby, and I am therefore looking for a secure way of storing data.
> Using plain text files is of course out of the question, but I was
> thinking of using SQLite, could that be secure enough? The idea is that
> I don't want people to be able to simply view a user's diary entries by
> opening a file (preferably, the data should be secured with a password
> (and username) defined by the owner).

What platform is your application for? If it's for a UNIX-ish platform
(Linux, OSX, etc.), simple file access control may suffice. If you're
dead serious about it, you can use heavyweight encryption.

Cheers,
Daniel S.
Stian H. (Guest)
on 2006-04-04 00:18
Daniel S. wrote:
> Stian H. wrote:
>
> What platform is your application for? If it's for a UNIX-ish platform
> (Linux, OSX, etc.), simple file access control may suffice. If you're
> dead serious about it, you can use heavyweight encryption.
>
> Cheers,
> Daniel S.

I think it will probably be used mostly on Win XP computers, however
being a user from both worlds, I probably myself will at least use it
on a unix-ish platform. I do believe it can be possible to store the
data in the profile directory in WinXP, however I am unsure of how
secure this is.
J Irving (Guest)
on 2006-04-04 03:51
(Received via mailing list)
You could encrypt it under a password.

ezcrypto seems to do what it says on the tin.  You need openssl
installed, but once it is, encrypting the content is simple:

require 'ezcrypto'

str = "Your private stuffs here"
# Derive a key from the password and salt, then encrypt the string with it
k = EzCrypto::Key.with_password( "mypassword", "somesalt" )
ciphertxt = k.encrypt( str )

It uses 128 bit CBC AES by default, which should be adequate.

cheers
J
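Added example (not part of any post in this thread, and not ezcrypto code): the encrypt-before-saving / decrypt-on-loading pair suggested above, written against Ruby's bundled OpenSSL library instead of ezcrypto, using PBKDF2 key derivation and AES-256-GCM rather than the CBC default mentioned in the post. The module name, blob layout and iteration count are assumptions made for this sketch.

```ruby
require 'openssl'

# Hypothetical helper; name, constants and blob layout are assumptions.
module DiaryCrypto
  ITERATIONS = 200_000 # PBKDF2 work factor (assumed; tune for your hardware)
  SALT_LEN = 16
  IV_LEN   = 12        # default GCM nonce length
  TAG_LEN  = 16

  # Stretch the owner's password into a 256-bit key, salted per entry.
  def self.derive_key(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Returns salt || iv || tag || ciphertext as one binary string,
  # suitable for a file or a SQLite BLOB column.
  def self.encrypt(plaintext, password)
    salt = OpenSSL::Random.random_bytes(SALT_LEN)
    c = OpenSSL::Cipher.new('aes-256-gcm')
    c.encrypt
    c.key = derive_key(password, salt)
    iv = c.random_iv
    c.auth_data = ''
    # Cipher#update rejects empty input, so an empty entry skips it.
    body = (plaintext.empty? ? ''.b : c.update(plaintext)) + c.final
    salt + iv + c.auth_tag(TAG_LEN) + body
  end

  # Returns the entry text, or nil when the password is wrong or the
  # stored blob was truncated or modified (the GCM tag check fails).
  def self.decrypt(blob, password)
    return nil if blob.bytesize < SALT_LEN + IV_LEN + TAG_LEN
    salt = blob.byteslice(0, SALT_LEN)
    iv   = blob.byteslice(SALT_LEN, IV_LEN)
    tag  = blob.byteslice(SALT_LEN + IV_LEN, TAG_LEN)
    body = blob.byteslice((SALT_LEN + IV_LEN + TAG_LEN)..-1)
    c = OpenSSL::Cipher.new('aes-256-gcm')
    c.decrypt
    c.key = derive_key(password, salt)
    c.iv = iv
    c.auth_tag = tag
    c.auth_data = ''
    plain = (body.empty? ? ''.b : c.update(body)) + c.final
    plain.force_encoding('UTF-8')
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end
```

Because the salt and nonce are random per call, encrypting the same entry twice yields different blobs, and nothing but the blob needs to be stored alongside it.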
Stephan M. (Guest)
on 2006-04-04 14:11
(Received via mailing list)
* Stian H. <removed_email_address@domain.invalid> [060403 22:18]:

> I think it will probably be used mostly on Win XP computers, however
> being a user from both worlds, I probably myself will at least use it
> on a unix-ish platform. I do believe it can be possible to store the
> data in the profile directory in WinXP, however I am unsure of how
> secure this is.

If each user has its own database file this should be okay (every user
has to be/should be interested in the privacy of his data anyway).

Of course this will not work in case several users access the same
database file. ;)


Cheers,

Steph.