我正在创建一个需要存储大量敏感数据的rails应用程序。为了确保我的客户数据受到保护,我想对每个用户加密。我做了研究寻找可以完成这一点的宝石。到目前为止,我发现了 strongbox 和 safe 。总之,这似乎为我提供了一个解决方案。
I am creating a rails application that needs to store a large amount of sensitive data. To assure my customers that the data is being protected, I want to encrypt it on a per-user basis. I have done research looking for gems that can accomplish this. So far I've found strongbox and safe. Together, this would seem to provide a solution for me.
但是,我想知道这是否是一个常见的做法。看起来大多数rails应用程序都有一些敏感数据来存储他们的用户。 AuthLogic 正在处理我的密码加密,但电子邮件和其他个人数据也同样敏感。通常的做法是将这些项目保留在数据库中,并假定它们永远不会被破坏?我知道数据库驻留在一个不能与外部世界通信的区域,但一个确定的攻击者可以容易地妥协这一点。 Rails开发人员的常见做法是让他们的数据不加密,只是信任其Web服务器的安全性。
However, I am wondering if this is a common practice. It would seem that most rails applications have some sensitive data to store regarding their users. AuthLogic is handling my password encryption, but emails and other personal data are just as sensitive. Is it common practice to leave these items unencrypted in the database and assume that it will never be compromised? I understand that the database resides in an area that can not communicate with the outside world, but a determined attacker could easily compromise this. Is it common practice for Rails developers leave their data unencrypted and simply trust the security of their web server?
推荐答案你的数据库是,你加密的任何东西都不能在SQL查询中使用,并且它仍然需要解密才能使用。这意味着您需要将解密密钥放在数据库附近,在大多数情况下,如果有人可能危及您的数据库,这意味着它们也同时损害了您的解密密钥。因此,加密步骤已经买了你很少。使用密码,不需要解密,因为它实际上是一个哈希函数。
The problem with encrypting your database is that anything you encrypt cannot be used in a SQL query, and also, it still has to be decrypted before it can be used. This means that you need to place the decryption key in close proximity to the database, and in most cases, if someone can compromise your database, that means they have also compromised your decryption key at the same time. Thus the encryption step has bought you very little. With passwords, no decryption is necessary because it's actually a hash function. You're far better off making sure the database is never compromised in the first place.
总是假设如果一个黑客可以危害你的安全的任何部分,他们可以妥协所有的。链子只有最弱的链接和所有这一切一样强。
Always assume that if a hacker can compromise any portion of your security, they can compromise all of it. Chain is only as strong as its weakest link and all that.
信用卡号码和社会安全号码(幸运的是,你通常不需要索引)最明显的例外,但如果你必须问这个问题,你没有业务存储这些项目在第一位。有各种各样的法律麻烦,你可以进去弄乱这些东西。
Credit card numbers and social security numbers (which fortunately you don't usually need to index on) are probably the most obvious exception to this, but if you have to ask this question, you've got no business storing those items in the first place. There's all kinds of legal trouble you can get into for messing that stuff up.
更多推荐
如何使用Rails保护数据库中的用户数据?
发布评论