Props to Andy's solution - thats pretty awesome... hopefully not everyone needs that!
On Jul 6, 5:19 am, Andy Jeffries <a...@andyjeffries.co.uk> wrote: > On 6 July 2010 10:34, Sumanta Das <li...@ruby-forum.com> wrote: > > > Or if there is any way so that I can encrypt my code > > without interrupting the execution of the application. > > You can do this (I've had to do it for a client) but it's not simple and I > can't share my solution's code. However, you basically go along the lines > that you have a class responsible for decrypting/encrypting code (I used > Base64 encoded AES). You then have Rake tasks that go through all Ruby (I > did YAML too as YAML files are executed as ERB first) files, encrypt the > content and replace the file contents with contents like this: > > require 'config_decryptor' > eval ConfigDecryptor.decrypt(...ENCRYPTED_CONTENT_HERE...) > > Your config_decryptor.rb file has to be in the load path - I handled this by > requiring the full path in a config/preinitializer.rb file. > > The eval is done once as the Ruby class files are cached in memory during > production mode. > > The next problem is getting the key in to Ruby. I did this by having a Rake > task that puts it in to a specific named file in /tmp which is then read by > my class (during a call in preinitializer.rb) and deleted. It's not ideal, > but it works for my purpose and would also work for yours. > > The last step, if you're using Passenger ensure that the last child is never > killed off (if it is, it will lose the decryption key which is now only in > memory). I can't remember the setting but there's a timeout setting which > you can set to zero so the last child never dies. > > I would however, recommend against doing this - server security and not > giving out the username/password is far and away the best solution. I work > in a specific industry in a country with a lot of security requirements so > had no choice - but it's a solution and something I wished I never had to > write ;-) > > Cheers, > > Andy -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
