Obfuscating sensitive data

In our app, users give us sensitive information (credentials for
logging into a third party site). At some point, we need those
credentials in cleartext in order to access the third party site, but
while they’re in our database, we want to make best effort for
protecting them.

What techniques have people used for this?

  • ff

On Mon, Mar 7, 2011 at 12:44 PM, Fearless F. wrote:

> In our app, users give us sensitive information (credentials for
> logging into a third party site). At some point, we need those
> credentials in cleartext in order to access the third party site, but
> while they’re in our database, we want to make best effort for
> protecting them.
>
> What techniques have people used for this? I find myself asking "WWMD"
> (What Would Mint.com Do?) – any suggestions?

You might find the ezcrypto gem helpful.

HTH,
Bill

On Mar 7, 1:44pm, Fearless F. wrote:

> In our app, users give us sensitive information (credentials for
> logging into a third party site). At some point, we need those
> credentials in cleartext in order to access the third party site, but
> while they’re in our database, we want to make best effort for
> protecting them.
>
> What techniques have people used for this? I find myself asking "WWMD"
> (What Would Mint.com Do?) – any suggestions?

I’ve used Strongbox (https://github.com/spikex/strongbox) to protect
sensitive data before, but that was for an application where the
private key password wasn’t stored on the server at all (requests for
the data were user-initiated and prompted for the password). Your case
sounds like it might be considerably more automated, which
substantially weakens the protection of 99% of systems - if you’re
storing the keys with the data, then an attack which gets one will
likely get the other.

–Matt J.
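
An added example, not part of the thread and not the Strongbox or ezcrypto API: one way to keep the decryption key away from the data in the automated case discussed above is to let the web app encrypt with a public key only, while a separate worker that logs into the third-party site holds the private key. The `CredentialVault` module, its method names and the sample values are hypothetical, written against Ruby's standard `openssl` library.

```ruby
require "openssl"

# Hypothetical helper, not the Strongbox or ezcrypto API.
module CredentialVault
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # Web tier: needs only the PUBLIC key. Returns text for a single DB column.
  def self.seal(public_key, plaintext, record_id)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    data_key = cipher.random_key        # fresh AES key for every record
    iv = cipher.random_iv
    cipher.auth_data = record_id.to_s   # ties the ciphertext to its row
    ct = cipher.update(plaintext) + cipher.final
    wrapped = public_key.public_encrypt(data_key, OAEP)
    [wrapped, iv, cipher.auth_tag, ct].map { |part| [part].pack("m0") }.join(".")
  end

  # Worker tier: the only process that ever loads the PRIVATE key.
  def self.unseal(private_key, sealed, record_id)
    parts = sealed.split(".")
    raise ArgumentError, "malformed sealed value" unless parts.size == 4
    wrapped, iv, tag, ct = parts.map { |part| part.unpack1("m0") }
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = private_key.private_decrypt(wrapped, OAEP)
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = record_id.to_s
    # Raises OpenSSL::Cipher::CipherError if the value was altered or moved to another row.
    (cipher.update(ct) + cipher.final).force_encoding("UTF-8")
  end
end

if __FILE__ == $PROGRAM_NAME
  keypair = OpenSSL::PKey::RSA.new(2048)   # constructed demo key
  sealed = CredentialVault.seal(keypair.public_key, "hunter2-demo", 42)
  puts CredentialVault.unseal(keypair, sealed, 42)
end
```

With this split, a dump of the database plus the web tier's configuration yields only ciphertext and a public key; the protection still depends on the worker host and its private key being secured separately.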
