
I'd like to implement a RoR application that stores sensitive information in a database that is hosted by an untrusted third party. Essential functionality includes:

1) Database contents encrypted
2) Secure user session support under a RESTful paradigm
3) Database hosted by third party on the cheap.
4) Keys used to decrypt DB contents for client and server are protected from examination by third party web host admin.

I would use SSL for encrypted server-client communication. Can I implement a solution that keeps even me from being able to view stored user data, with the exception of data elements necessary to establish a RESTful user session? Can code that resides on the third party server be protected or obfuscated?

As a developer, is there a design implementation that allows me to honestly assure users that they are the only ones who can decrypt and view their data? I've got the feeling that the answer here is "no," but I thought I might ask others before admitting defeat.

Please comment on best practice (or your method) using RoR and RESTful architecture.

Thanks!

1 Answer


For (1), take a look at this SO question

For (2), you can use Devise or AuthLogic

For (3), Heroku (shared hosting) and Webbynode (if you prefer your vhost -- you have to set up security yourself) are pretty cheap.

For (4), looking at StrongBox, I think one way to make it work would be to not store the user secret in your database (perhaps ask for it when user logs in and store it in user session, but I don't know if that's possible.)


1 Comment

Thanks Jonny. Re (1): Yah, saw it. It covers some of what I hope to do here, but offers no apparent solution. Re (2): Yup, looks like a good way to handle sessions. Re (3): OK, but someone else still has root access to those machines. Can the data and code still be protected? Seems not. Re (4): This is the rub. The key has to be readable by the code. If the untrusted host can read the code too, then it seems a short step to decrypting the database. Alas, you are the only responder thus far, so +1 for you and many thanks. - Perry
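To make the answer's point (4) concrete, and to show exactly where the comment's objection bites, here is an added example (not code from the question, the answer, or the StrongBox project). It derives a per-user data key from a secret the user supplies at login (PBKDF2 over a stored per-user salt), encrypts each field with AES-256-GCM, and persists only salt, nonce, ciphertext and auth tag. The module and method names, the iteration count and the sample plaintext are all constructed for illustration. A host admin holding only a database dump cannot decrypt the rows and a wrong passphrase fails authentication rather than producing garbage; what it does not change is that the derived key is present in server memory while a request is being served, which is precisely the gap the comment describes.

```ruby
# Added example (not from the question or answer): the answer's point (4),
# deriving the per-user data key from a secret supplied at login so the key
# itself is never written to the hosted database. Only salt, nonce,
# ciphertext and auth tag are persisted.
require 'openssl'
require 'securerandom'

module UserVault
  KEY_LEN   = 32        # AES-256 key size in bytes
  ITER      = 200_000   # PBKDF2 work factor (assumed value; tune to hardware)
  NONCE_LEN = 12        # recommended GCM nonce length in bytes

  # Derive the data key from the user's passphrase and a per-user salt.
  # The salt is stored in the users table; passphrase and key are not.
  def self.derive_key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, ITER, KEY_LEN, 'sha256')
  end

  # Encrypt one field. Returns the Hash of what the database row will hold.
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    nonce = SecureRandom.random_bytes(NONCE_LEN)   # fresh nonce per record
    cipher.iv = nonce
    cipher.auth_data = ''
    ct = cipher.update(plaintext) + cipher.final
    { nonce: nonce, ciphertext: ct, tag: cipher.auth_tag }
  end

  # Decrypt a stored record. Raises OpenSSL::Cipher::CipherError on a wrong
  # key or tampered ciphertext, so a bad passphrase never "decrypts" silently.
  def self.decrypt(key, record)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = record[:nonce]
    cipher.auth_data = ''
    cipher.auth_tag = record[:tag]
    cipher.update(record[:ciphertext]) + cipher.final
  end
end

# Constructed walk-through of one user's lifecycle: login, write, read,
# and an attempted read with only the database contents and a wrong secret.
def vault_demo(passphrase, plaintext)
  salt = SecureRandom.random_bytes(16)           # persisted alongside the user
  key  = UserVault.derive_key(passphrase, salt)  # held only in the session
  row  = UserVault.encrypt(key, plaintext)       # persisted in the DB

  # A later request re-derives the key from the session secret + stored salt.
  recovered = UserVault.decrypt(UserVault.derive_key(passphrase, salt), row)

  # Someone holding only the DB (salt, nonce, ciphertext, tag) and guessing
  # the passphrase gets an authentication failure, not plaintext.
  wrong = begin
    UserVault.decrypt(UserVault.derive_key('not-the-passphrase', salt), row)
    :decrypted
  rescue OpenSSL::Cipher::CipherError
    :rejected
  end

  { recovered: recovered,
    wrong_key: wrong,
    plaintext_in_row: row[:ciphertext] == plaintext }
end
```

In a Rails app the passphrase (or, better, the derived key) would live in the session store and the salt in the users table; `StrongBox`-style attribute encryption can then be fed the derived key per request. The design moves the exposure from "anyone with a copy of the database" to "anyone who can read the running process's memory or alter the deployed code", which is an improvement for backups and DB-level access but is not the "only the user can decrypt" guarantee the question asks for.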
