You can get most of the correct behavior by specifying:
attr_accessor :some_attribute_to_encrypt, :type => :some_type
*before* the attr_encrypted line. The attr_encrypted call will repeat
the attr_accessor stuff, but the type definition will remain. You'll
still need to explicitly include the field where you need it (in the
arguments to fields-list, for instance).
I've also used the Strongbox gem recently with good results; it takes
care of the messy details of using public-key encryption. This is much
more secure than the symmetric method used by attr_encrypted, since
the private key can be password-protected and (critically) NOT stored
on the server. Otherwise, you're almost better off not bothering with
encryption as a server compromise will give up both the DB and the keys.
One other note: 95% of the time, if you think you need encryption what
you really need is to stop storing sensitive data. Especially if it's
credit card data, you'll want to look at both the PCI compliance rules
(tough if you're storing whole CC numbers, and some data isn't even
storable encrypted, like CVV2) and some of the alternative solutions
out there for doing recurring billing and CC tokenization.
--Matt Jones
On Apr 27, 2010, at 6:36 AM, Tom wrote:
Hi I have to encrypt data in my database. In Rails we have gem
attr_encrypted which does it in a very elegant way, but it requires
that collumns are attributs. How can I use it with hobo? If I can't
then how can I create a transparent mechanism for crypting data?
--
You received this message because you are subscribed to the Google
Groups "Hobo Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected]
.
For more options, visit this group at http://groups.google.com/group/hobousers?hl=en
.
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.
