If they're asking you to encrypt the password in the database.yml file itself, you kinda can't. I think the best you can do is secure the flle's read permissions so that it can only be read by the owner (which should be the process that runs the app.)
If they can get access to that file and read its contents, chances are good that they can also start up the console, modify your ruby code, and change your app. The DB password in that file is the least of your problems. I realize that might not be the best answer, but as I understand it, it's not possible to do db password encryption out of the box. Anyone else know a better solution? On Wed, Nov 26, 2008 at 4:07 PM, pepe <[EMAIL PROTECTED]> wrote: > > Hello. > > I currently have an application deployed and running and just recently > I have been asked to encrypt the database password. The password is in > the database.yml file. > > What would be the easiest way of making this work? > > Thank you. > > Pepe > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
