Certificate ssl and encrypt

Ruby
1

Hi,

I’m a newbie web development and I’m working with a web project in Rails
2.x.x. I need your help.

I have 2 questions for all:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem
for the rails project but I’m not sure.

Q2. Is possible with any gem keep all data encrypted in the database?
Could you suggest me how to encrypt / decrypt the data in the database?

Thank you for all!

Bye!

PD: Sorry, about my Tarzan english. Any english teacher? jeje…

2

2011/11/16 Diego S. [email protected]:

Hi,

I’m a newbie web development and I’m working with a web project in Rails 2.x.x.
I need your help.

I have 2 questions for all:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem for the
rails project but I’m not sure.

Assuming that you’d like to accomplish your task using mod_ssl, this
looks quite good:

Q2. Is possible with any gem keep all data encrypted in the database? Could you
suggest me how to encrypt / decrypt the data in the database?

There’s no single definite answer to your question, it depends largely
on your requirements what you really want to achieve.
There are numerous ways to encrypt data in a database, for example you
could use existing mechanisms offered
by your database or you could do it manually on the application level.
The benefit of the former is that there are solutions
where only the physical table space is encrypted, that’s the most
preferable option because it does still process the
data itself in plain text. If you encrypt the data sets themselves,
then you need to realize that you can no longer run
queries on the data, you lose the benefits of indices etc. - in short
you basically take away all the benefits that a database
should offer you. So the best option is to only encrypt absolutely
private data and leave the rest untouched.

Additionally you should not forget to secure the connection between
app and db - use TLS for the transport, otherwise your encryption
scheme is worthless: anyone could simply read the plain text data
while it is transferred.

But this is only the beginning, a lot of traps still await you. I’d
suggest to grab a book on the topic and to do some research
on the web/Stackoverflow. That should get you started!

Regards,
Martin

3

Thanks Martin!

— El mi 16-nov-11, Martin B. [email protected]
escribi:

De: Martin B. [email protected]
Asunto: Re: Certificate ssl and encrypt…
Para: “ruby-talk ML” [email protected]
Fecha: mircoles, 16 de noviembre de 2011, 10:54

2011/11/16 Diego S. [email protected]:

Hi,

I’m a newbie web development and I’m working with a web project in Rails 2.x.x.
I need your help.

I have 2 questions for all:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem for the
rails project but I’m not sure.

Assuming that you’d like to accomplish your task using mod_ssl, this
looks quite good:

Q2. Is possible with any gem keep all data encrypted in the database? Could you
suggest me how to encrypt / decrypt the data in the database?

There’s no single definite answer to your question, it depends largely
on your requirements what you really want to achieve.
There are numerous ways to encrypt data in a database, for example you
could use existing mechanisms offered
by your database or you could do it manually on the application level.
The benefit of the former is that there are solutions
where only the physical table space is encrypted, that’s the most
preferable option because it does still process the
data itself in plain text. If you encrypt the data sets themselves,
then you need to realize that you can no longer run
queries on the data, you lose the benefits of indices etc. - in short
you basically take away all the benefits that a database
should offer you. So the best option is to only encrypt absolutely
private data and leave the rest untouched.

Additionally you should not forget to secure the connection between
app and db - use TLS for the transport, otherwise your encryption
scheme is worthless: anyone could simply read the plain text data
while it is transferred.

But this is only the beginning, a lot of traps still await you. I’d
suggest to grab a book on the topic and to do some research
on the web/Stackoverflow. That should get you started!

Regards,
Martin

4

Thanks Brian!

— El mi 16-nov-11, Brian C. [email protected] escribi:

De: Brian C. [email protected]
Asunto: Re: Certificate ssl and encrypt.
Para: “ruby-talk ML” [email protected]
Fecha: mircoles, 16 de noviembre de 2011, 12:44

Diego S. wrote in post #1032137:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem
for the rails project but I’m not sure.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28

5

-----Messaggio originale-----
Da: Diego S. [mailto:[email protected]]
Inviato: mercoled 16 novembre 2011 13:36
A: ruby-talk ML
Oggetto: Certificate ssl and encrypt…

Hi,

I’m a newbie web development and I’m working with a web project in Rails
2.x.x. I need your help.

I have 2 questions for all:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem
for
the rails project but I’m not sure.

Q2. Is possible with any gem keep all data encrypted in the database?
Could
you suggest me how to encrypt / decrypt the data in the database?

Thank you for all!

Bye!

PD: Sorry, about my Tarzan english. Any english teacher? jeje…


Caselle da 1GB, trasmetti allegati fino a 3GB e in piu’ IMAP, POP3 e
SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f

Sponsor:
Riccione Hotel 3 stelle in centro: Pacchetto Capodanno mezza pensione,
animazione bimbi, zona relax, parcheggio. Scopri l’offerta solo per
oggi…
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid983&d)-12

6

Diego S. wrote in post #1032137:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem
for the rails project but I’m not sure.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28

7

-----Messaggio originale-----
Da: Diego S. [mailto:[email protected]]
Inviato: mercoled 16 novembre 2011 17:17
A: ruby-talk ML
Oggetto: Re: Certificate ssl and encrypt.

Thanks Brian!

— El mi 16-nov-11, Brian C. [email protected] escribi:

De: Brian C. [email protected]
Asunto: Re: Certificate ssl and encrypt.
Para: “ruby-talk ML” [email protected]
Fecha: mircoles, 16 de noviembre de 2011, 12:44

Diego S. wrote in post #1032137:

Q.1. Could you suggest me a paper or webpage for learn how to install
a certificate ssl (for example. Verisign)? Because, i understood that
the certificate i should install in the apache web server, it’s not
problem for the rails project but I’m not sure.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28


Posted via http://www.ruby-forum.com/.


Caselle da 1GB, trasmetti allegati fino a 3GB e in piu’ IMAP, POP3 e
SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f

Sponsor:
Capodanno a Riccione, Pacchetto Relax: Mezza Pensione + bagno turco +
solarium + massaggio. Wifi e parcheggio gratis. 2 giorni euro 199 a
persona
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid978&d)-12

8

-----Messaggio originale-----
Da: Diego S. [mailto:[email protected]]
Inviato: mercoled 16 novembre 2011 17:12
A: ruby-talk ML
Oggetto: Re: Certificate ssl and encrypt…

Thanks Martin!

— El mi 16-nov-11, Martin B. [email protected]
escribi:

De: Martin B. [email protected]
Asunto: Re: Certificate ssl and encrypt…
Para: “ruby-talk ML” [email protected]
Fecha: mircoles, 16 de noviembre de 2011, 10:54

2011/11/16 Diego S. [email protected]:

Hi,

I’m a newbie web development and I’m working with a web project in Rails
2.x.x. I need your help.

I have 2 questions for all:

Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it’s not problem
for
the rails project but I’m not sure.

Assuming that you’d like to accomplish your task using mod_ssl, this
looks
quite good:

Q2. Is possible with any gem keep all data encrypted in the database?
Could you suggest me how to encrypt / decrypt the data in the database?

There’s no single definite answer to your question, it depends largely
on
your requirements what you really want to achieve.
There are numerous ways to encrypt data in a database, for example you
could
use existing mechanisms offered by your database or you could do it
manually
on the application level.
The benefit of the former is that there are solutions where only the
physical table space is encrypted, that’s the most preferable option
because
it does still process the data itself in plain text. If you encrypt the
data
sets themselves, then you need to realize that you can no longer run
queries
on the data, you lose the benefits of indices etc. - in short you
basically
take away all the benefits that a database should offer you. So the best
option is to only encrypt absolutely private data and leave the rest
untouched.

Additionally you should not forget to secure the connection between app
and
db - use TLS for the transport, otherwise your encryption scheme is
worthless: anyone could simply read the plain text data while it is
transferred.

But this is only the beginning, a lot of traps still await you. I’d
suggest
to grab a book on the topic and to do some research on the
web/Stackoverflow. That should get you started!

Regards,
Martin


Caselle da 1GB, trasmetti allegati fino a 3GB e in piu’ IMAP, POP3 e
SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f

Sponsor:
Capodanno a Riccione, Pacchetto Relax: Mezza Pensione + bagno turco +
solarium + massaggio. Wifi e parcheggio gratis. 2 giorni euro 199 a
persona
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid977&d)-12