Forum: Ruby on Rails encrypting databases

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
23e1a6c83befa782116313295751f6ff?d=identicon&s=25 unknown (Guest)
on 2006-05-15 11:54
(Received via mailing list)
Hi all, your thoughts appreciated:

I'd like to encrypt one of my databases, as described in the first Rails
book,
by putting encrypt and decrypt methods on the :after_find, :before_save,
and
:after_save hooks in my model (what a lovely transparent way rails does
things!). But unlike the book, I actually want to use real encryption,
perhaps
something from the OpenSSL library, something that requires a symmetric
key,
that I will ask the user to enter at login. Either that or just use some
hash of
the user's login password. Either way, I'll store this encryption key in
the
session, my thinking being that not storing the keys permanently will
help
prevent any nosy sysadmin seeing the data, even with the source code.

My question is this, how might I get the encryption key from my session
into the
model to do the (de|en)cryption? The session hash is not available to
the model
as this violates MVC apparently. I don't want to have to pass the key as
a
parameter on every method call to the model, or do all the decryption in
the
controller, as this would be repeating myself, and not using the nice
transparency that Activerecord offers. Is it possible to inject the
value
somehow, or register some callback from the model into the controller,
or am I
going about this the wrong way entirely?!

Stu
A544c72235bbeb3f5fd5b4cf7c00945d?d=identicon&s=25 kris (Guest)
on 2006-05-16 21:00
Theres an AR plugin to do this already...
Sentry I think.
This topic is locked and can not be replied to.