Forum: Ruby on Rails Fixing column value in the model

Paul Bergstrom (palb)
on 2009-05-03 11:50
I'm using a Crypto.encrypt("string") to create a record for a column and
Crypto.decrypt(column) when reading and presenting it in the browser. I
do this in the controller. Can I do it in the model instead?
Brian Ledsworth (bledsworth)
on 2009-05-03 16:01
Pål Bergström wrote:
> I'm using a Crypto.encrypt("string") to create a record for a column and
> Crypto.decrypt(column) when reading and presenting it in the browser. I
> do this in the controller. Can I do it in the model instead?

Yes.  You can create a custom attribute for the unencrypted version,
which will exist in memory and not be persisted.  You can then use a
Callback to encrypt and set the persisted column before an
insert/update.  Look at examples of authentication plugins and blog
posts and you'll see how it's done.

Also, don't forget to filter the parameter in the controller  (e.g.
filter_parameter_logging :password) so the form posted parameter is not
logged in clear text, assuming you're accepting it from a form that is.

b
Paul Bergstrom (palb)
on 2009-05-03 16:34
Brian Mr wrote:
> Pål Bergström wrote:
>> I'm using a Crypto.encrypt("string") to create a record for a column and
>> Crypto.decrypt(column) when reading and presenting it in the browser. I
>> do this in the controller. Can I do it in the model instead?
>
> Yes.  You can create a custom attribute for the unencrypted version,
> which will exist in memory and not be persisted.  You can then use a
> Callback to encrypt and set the persisted column before an
> insert/update.  Look at examples of authentication plugins and blog
> posts and you'll see how it's done.
>
> Also, don't forget to filter the parameter in the controller  (e.g.
> filter_parameter_logging :password) so the form posted parameter is not
> logged in clear text, assuming you're accepting it from a form that is.
>
> b

I got it working with before_save in the model, encrypting the data
before it goes to the db. Great.

But what about before show or listing records? How can I make a similar
decrypt? Don't understand what to use.
Brian Ledsworth (bledsworth)
on 2009-05-03 16:48
Pål Bergström wrote:
> Brian Mr wrote:
>> Pål Bergström wrote:
>>> I'm using a Crypto.encrypt("string") to create a record for a column and
>>> Crypto.decrypt(column) when reading and presenting it in the browser. I
>>> do this in the controller. Can I do it in the model instead?
>>
>> Yes.  You can create a custom attribute for the unencrypted version,
>> which will exist in memory and not be persisted.  You can then use a
>> Callback to encrypt and set the persisted column before an
>> insert/update.  Look at examples of authentication plugins and blog
>> posts and you'll see how it's done.
>>
>> Also, don't forget to filter the parameter in the controller  (e.g.
>> filter_parameter_logging :password) so the form posted parameter is not
>> logged in clear text, assuming you're accepting it from a form that is.
>>
>> b
>
> I got it working with before_save in the model, encrypting the data
> before it goes to the db. Great.
>
> But what about before show or listing records? How can I make a similar
> decrypt? Don't understand what to use.

Simply add a public method to the model that returns the unencrypted
version.  The method will not map to an actual column in the db, but to
the controller it will appear just like any other column.

e.g.

def myattribute
  Crypto.decrypt(column)
end
Paul Bergstrom (palb)
on 2009-05-03 17:00
Brian Mr wrote:
> Pål Bergström wrote:

> Simply add a public method to the model that returns the unencrypted
> version.  The method will not map to an actual column in the db, but to
> the controller it will appear just like any other column.
>
> e.g.
>
> def myattribute
>   Crypto.decrypt(column)
> end

I don't understand all the way. Probably a stupid question but could you
be more specific with what you mean with "myattribute"? Is that the
column name or?
Brian Ledsworth (bledsworth)
on 2009-05-03 17:35
Pål Bergström wrote:
> Brian Mr wrote:
>> Pål Bergström wrote:
>
>> Simply add a public method to the model that returns the unencrypted
>> version.  The method will not map to an actual column in the db, but to
>> the controller it will appear just like any other column.
>>
>> e.g.
>>
>> def myattribute
>>   Crypto.decrypt(column)
>> end
>
> I don't understand all the way. Probably a stupid question but could you
> be more specific with what you mean with "myattribute"? Is that the
> column name or?

It's not a column, it's just a method.  ActiveRecord is just a Ruby
Class, so you can add your own methods.  e.g. To use the method in a
controller:

x = myrecord.find....
y = myrecord.myattribute

y now holds the unencrypted value.
Paul Bergstrom (palb)
on 2009-05-03 21:18
Brian Mr wrote:
> Pål Bergström wrote:

> y = myrecord.myattribute
>
> y now holds the unencrypted value.

Got it working with this in the model:

before_save :crypt_data
after_save :decrypt_data
after_find :decrypt_data
define_method(:after_find) { }

Works perfect.

Just one more thing. How do I deal with search? I have a solution but
perhaps I'm not doing it right.

I have a custom decrypt on the data before the find using %string% and
LIKE, but it must be full words as the column holds the encrypted data.
Any way around this?
Brian Ledsworth (bledsworth)
on 2009-05-03 22:45
Pål Bergström wrote:
> Brian Mr wrote:
>> Pål Bergström wrote:
>
>> y = myrecord.myattribute
>>
>> y now holds the unencrypted value.
>
> Got it working with this in the model:
>
> before_save :crypt_data
> after_save :decrypt_data
> after_find :decrypt_data
> define_method(:after_find) { }
>
> Works perfect.
>
> Just one more thing. How do I deal with search? I have a solution but
> perhaps I'm not doing it right.
>
> I have a custom decrypt on the data before the find using %string% and
> LIKE, but it must be full words as the column holds the encrypted data.
> Any way around this?

Sorry, don't have an answer for that.  If nobody else replies, you might
want to post a new question for that. Glad you got the rest working!

b
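
The pattern from the replies above (in-memory attribute, encrypt before save, decrypt in a reader method), as an added example that is not code from any poster in this thread. Assumptions: the thread's `Crypto` module is not shown, so a stand-in using AES-256-GCM with a fresh IV per value is defined here; `Note`, `secret` and `secret_ciphertext` are hypothetical names, and a plain Ruby class with a hash stands in for the ActiveRecord model and its row.

```ruby
require "openssl"
require "base64"

# Stand-in for the thread's Crypto module (its real implementation is not shown).
# Assumption: AES-256-GCM, fresh random IV per value; key handling is simplified.
module Crypto
  KEY = OpenSSL::Digest::SHA256.digest("constructed demo key; load a real key from a secret store")

  def self.encrypt(plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = KEY
    iv = cipher.random_iv                      # 12 bytes for GCM
    cipher.auth_data = ""                      # no associated data in this sketch
    ct = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ct) # IV | 16-byte tag | ciphertext
  end

  def self.decrypt(blob)
    raw = Base64.strict_decode64(blob)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = KEY
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = ""
    (cipher.update(raw[28..-1]) + cipher.final).force_encoding("UTF-8") # raises if tampered
  end
end

# Plain-Ruby stand-in for the ActiveRecord model; `row` plays the database row.
class Note
  attr_writer :secret   # virtual attribute: lives in memory only, never a column
  attr_reader :row

  def initialize(row = {})
    @row = row
  end

  # The reader from the thread ("myattribute"): decrypt on access.
  def secret
    @secret ||= (Crypto.decrypt(@row[:secret_ciphertext]) if @row[:secret_ciphertext])
  end

  # What a before_save callback would do: only ciphertext reaches the row.
  def save
    @row[:secret_ciphertext] = Crypto.encrypt(@secret) if @secret
    @row
  end
end
```

Because this stand-in uses a new IV on every call, saving the same value twice yields different stored ciphertext, so the stored column cannot be compared against an encrypted search term in SQL.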