Marcus Ob wrote the following on 09.06.2006 11:24 :
If i had a RoR application dealing with very reserved personal
informations about my customers, if my hosting provider would like to, i
guess it would be easy for him to steal the data by simply peeking the
username and password inside the database.yml file.
Is there a way to hide the database password from indiscrete eyes ?
Hiding the password doesn’t protect your database content if the hosting
provider has physical access to the system.
One wild idea, you could:
- use a DRB service designed to hold an encryption key and serve it to
your Rails app,
- set an admin page where you can enter the encryption key which will
store call the DRB it on the DRB service,
- then for each field you want to protect, you access the DRB service to
get the encryption key at write and read time (caching the key in a
global variable could help performance).
To break this, they will have to hire a Ruby coder to either :
- modify the admin page (and even find it if you access it by SSL) in
order to intercept the key,
- find out from the code how to access the DRB service to get the key
But if they put the system offline for data-mining, they’ll only find
encrypted data in the database.
The obvious problem is that each time the DRB service is restarted
you’ll have to put the key back.
You could script the key refreshing on one system you have complete
control of. It would monitor the availability of your application with
safeguards not allowing automatic key refreshing if the system was down
too long and may have been tampered with.
There are other techniques but they only deal with other levels of
obfuscation, if they are smart enough to let a coder access the system
without downtime you’re out of luck.
This obviously looks a lot like DRM techniques (with the same kind of