Encrypting databases


#1

Hi all, your thoughts appreciated:

I’d like to encrypt one of my databases, as described in the first Rails
book,
by putting encrypt and decrypt methods on the :after_find, :before_save,
and
:after_save hooks in my model (what a lovely transparent way rails does
things!). But unlike the book, I actually want to use real encryption,
perhaps
something from the OpenSSL library, something that requires a symmetric
key,
that I will ask the user to enter at login. Either that or just use some
hash of
the user’s login password. Either way, I’ll store this encryption key in
the
session, my thinking being that not storing the keys permanently will
help
prevent any nosy sysadmin seeing the data, even with the source code.

My question is this, how might I get the encryption key from my session
into the
model to do the (de|en)cryption? The session hash is not available to
the model
as this violates MVC apparently. I don’t want to have to pass the key as
a
parameter on every method call to the model, or do all the decryption in
the
controller, as this would be repeating myself, and not using the nice
transparency that Activerecord offers. Is it possible to inject the
value
somehow, or register some callback from the model into the controller,
or am I
going about this the wrong way entirely?!

Stu


#2

Theres an AR plugin to do this already…
Sentry I think.