Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails: storing encrypted data in database

I want to encrypt database because confidential data is being stored. I use mongodb with mongoid. It possible for this kind of database? And what alternatives can you recomend, if it is not?

P.S. Main purpose is: if anybody hack the server and steal DB, it would be unencryptable.

UPDATE: thanks for nickh, I found very many soultions for ActiveRecord, but nothing for Mongoid and other Mongo clinets. It would be great to find some soultion for Mongo and Mongoid!

like image 253
petRUShka Avatar asked Dec 03 '10 09:12

petRUShka


People also ask

How does rails encryption work?

Using encryption in Rails 7 It works by declaring which attributes should be encrypted and seamlessly encrypting and decrypting them when needed. The encryption layer sits between the database and the application. The application will access unencrypted data, but the database will store it encrypted.

Can a database be encrypted?

Encryption of a database file is done at the page level. The pages in an encrypted database are encrypted before they're written to disk and are decrypted when read into memory. TDE doesn't increase the size of the encrypted database.

Can PostgreSQL be encrypted?

PostgreSQL offers encryption at several levels, and provides flexibility in protecting data from disclosure due to database server theft, unscrupulous administrators, and insecure networks. Encryption might also be required to secure sensitive data such as medical records or financial transactions.


1 Answers

I have gotten attr_encrypted working with Mongo and Mongoid. It takes only a few tweaks.

Make sure that all of the encrypted_ fields that are automatically created by attr_encrypted are explicitly created in the model. For instance, if you have:

    attr_encrypted :email, :key => 'blah blah blah', :encode => true

you need to have:

    field :email, :type => String
    field :encrypted_email, :type => String

Also notice you need to tell it to encode the encrypted string otherwise Mongo will complain loudly.

Lastly, if you're encrypting a hash, do this:

    field :raw_auth_hash, :type => Hash
    field :encrypted_raw_auth_hash, :type => String

    attr_encrypted :raw_auth_hash, :key => 'blah', :marshal => true, :encode => true
like image 71
Brendten Eickstaedt Avatar answered Oct 12 '22 00:10

Brendten Eickstaedt