is there an effective way to encrypt data from the user?
What I’m trying to do is to get ruby to send some information to a
server, however I’d rather that it was secured somehow, to prevent the
user from tampering with it. is that possible due ruby being a
interpreted language?
is there an effective way to encrypt data from the user?
What I’m trying to do is to get ruby to send some information to a
server, however I’d rather that it was secured somehow, to prevent the
user from tampering with it.
Ruby ships with OpenSSL support as part of the Standard Library. Good
examples are somewhat hard to come by online but if you look at slides
40-42 of the Anchoring Trust presentation linked in my signature along
with page 709 of the 2nd edition Pickaxe you should be able to figure
out the basics.
On Mon, Jun 16, 2008 at 2:26 AM, Phil Cooper-king [email protected] wrote:
is there an effective way to encrypt data from the user?
What I’m trying to do is to get ruby to send some information to a
server, however I’d rather that it was secured somehow, to prevent the
user from tampering with it. is that possible due ruby being a
interpreted language?
Hi Phil,
When you say you want to prevent tampering with the data, do you mean:
you want to prevent the user from seeing the raw data being sent, or
you want to prevent the user simply from altering the data being
sent?
If you just want to prevent altering and don’t care about seeing, you
could use a checksum, like an MD5, SHA1, SHA2, etc., all of which are
available in the ‘digest’ standard library. Specifically, you can do
is an append a secret “key” to the end of your data and perform one of
the checksums. You send your unencrypted data along with the checksum
to the server. The server can verify that the data has not been
altered by appending the same secret “key” to the data, performing the
checksum, and comparing the result to the checksum sent.
You haven’t said much about the context, so it’s hard to know whether
this solution would meet your needs or not. Are you trying to prevent
casual tampering or really trying to create a bullet-proof solution?
All of these issues need to be considered when evaluating a solution.
Best,
Eric
===
LearnRuby.com offers Rails & Ruby HANDS-ON public & ON-SITE workshops.
Ready for Rails R. Workshop June 23-24 Ann Arbor, Mich.
Ruby on Rails Workshop June 25-27 Ann Arbor, Mich.
Ruby Plus Rails Combo Workshop June 23-27 Ann Arbor, Mich.
Please visit http://LearnRuby.com for all the details.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.