
I'm using devise for auth. I'd like to encrypt all the data a user enters before sending it into the db.

Is this possible?

I've found this gem but I'm not sure how I could solve the problem.

Basically, no one who can access the database should be able to read the data, only with the user's password.

To make it even more clear:

A user creates a password on registration; I don't know that password because it's encrypted. The user has some data which is encrypted as well; no one could access or read the data.

Am I too ambitious about that?

  • Tekina is right about this. You should not let your users access the database like this for a number of reasons, some of which were mentioned in that answer. You should do this instead. Take their user name and password and combine with a salt. Store the salt in plain text, their private data encrypted by your key, and their login credentials hashed. That way in case of a server compromise, nobody can ID users or passwords. You never compare their plain text credentials. Compare hash to hash. Then if their hashes match, you be the gatekeeper and provide their private info. Commented Aug 20, 2015 at 22:01
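The scheme the comment above describes (salt stored in plain text, login credentials hashed and compared hash to hash, private data encrypted under the server's own key), as an added Ruby example that is not code from the question, the answer, Devise or Strongbox. `SERVER_KEY` and the user data are constructed demo values.

```ruby
require "openssl"
# Added example, not code from the question, the answer, Devise or Strongbox.
# Credentials are salted and hashed (PBKDF2-HMAC-SHA256) and compared hash to
# hash; private data is encrypted under a server-held key (AES-256-GCM), never
# under the user's password. SERVER_KEY is a constructed demo value; a real key
# is loaded from outside the database (environment, KMS), never stored in it.
SERVER_KEY = OpenSSL::Digest::SHA256.digest("demo-server-key-do-not-use")
# Salt and hash the credentials; salt and digest are safe to store as-is.
def hash_credentials(username, password, salt = OpenSSL::Random.random_bytes(16))
  digest = OpenSSL::KDF.pbkdf2_hmac("#{username}:#{password}", salt: salt,
                                    iterations: 100_000, length: 32, hash: "sha256")
  { salt: salt, digest: digest }
end
# Constant-time comparison so timing does not leak how many bytes matched.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end
# Compare hash to hash; plaintext credentials are never stored or compared.
def credentials_match?(record, username, password)
  candidate = hash_credentials(username, password, record[:salt])[:digest]
  constant_time_equal?(candidate, record[:digest])
end
# Encrypt private data under the server key; iv, ciphertext and tag are stored.
def encrypt_private_data(plaintext, key = SERVER_KEY)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ""
  { iv: iv, ciphertext: cipher.update(plaintext) + cipher.final, tag: cipher.auth_tag }
end
# Decrypt; OpenSSL::Cipher::CipherError is raised if ciphertext or tag was altered.
def decrypt_private_data(blob, key = SERVER_KEY)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = blob[:iv]
  cipher.auth_tag = blob[:tag]
  cipher.auth_data = ""
  cipher.update(blob[:ciphertext]) + cipher.final
end
# Registration stores only salt, hash and ciphertext; the gatekeeper below
# releases decrypted data only after the hashes match.
def register(username, password, private_data)
  hash_credentials(username, password).merge(blob: encrypt_private_data(private_data))
end
def private_data_for(record, username, password)
  credentials_match?(record, username, password) ? decrypt_private_data(record[:blob]) : nil
end
```

A database dump then holds only salts, hashes and AES-GCM ciphertexts; without the server key the private data is unreadable, and a wrong password or tampered ciphertext yields nothing.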

1 Answer


I don't think that using the user's password to encrypt data is the best approach, as you will have to constantly prompt the user for her password, which would be very bad UX. If you plan to persist it somehow, you are exposing it to other kinds of attacks. Also, passwords are usually encrypted using a one-way hash, so good luck trying to encrypt/decrypt anything with users' passwords.

Your best approach must be to keep the DB itself secure and restrict access to it. Alternatively, you can try out gems like Strongbox for encrypting sensitive data.


1 Comment

Solid, will try that gem.
