Sure, so some of the measures in order to protect privacy:

- Encrypting columns for PII data such as messages, SAT scores and 
whatnot.
- Different DB user for schema maintenance and actual reads/writes
- CanCan for trimming records (but also authorising specific fields)
- Encrypting OAuth access tokens
- Backing up the databases with GPG before backing up to S3
- Sanitising the database with cleanup scripts
- Experimenting with Row Level Security in PG to ensure that data is 
tenant-scoped.
- Adding audit trails to data accessed and marking them so they can be 
filtered in a third-party logger such as Papertrail
- Scrubbing the sensitive fields in the loggers.

However, it is still a pain to do properly. Securing data means 
understanding the attack vectors and ensuring you mitigate them. 
It's easy to do it wrong and just end up with a bunch of overhead.

Things that should be standard with the proper documentation would be:

- A way to encrypt data and attach policies to it via a unified DSL, i.e. 
`has_sensitive_data :ssn, policy: critical` or `has_sensitive_field :email, 
searchable: true` (this would encrypt the email but make the email 
searchable via a blind index)
- A way to scrub that data via a simple rake task using said DSL.
- A way to ensure that this data will never show up in the logs.
- A way to lazily decrypt/fetch the data on request.
- A way to log the sensitive data accessed and by whom.
- A way for Rails to only select the fields from the tables that it has 
access to.

Encrypting the data helps for things like SQL injection attacks, but 
doesn't really protect against remote execution exploits (i.e. a person 
could dump the env vars and decrypt the data). 
For this, you'd need an out of bounds mechanism such as Vault that would 
provide things like short token leases to the data and maybe 2FA before the 
data can be accessed.

If we were to settle on a DSL or an API for protecting the data, we could 
then make different adapters for the underlying PII store, i.e. database, 
Vault or whatever is there.
On top of that, GDPR requires a bunch of additional things such as erasing 
a person's data, auto-expiration or requesting a dump of the data. But this 
is probably out of scope.

Let me know what you think!


On Saturday, February 9, 2019 at 5:32:41 PM UTC+1, Jeremy Daer wrote:
>
> That would be wonderful, Emile! Guidance like this would be very helpful, 
> and all apps need it. Writing a GDPR/privacy-aware app should feel like the 
> default with Rails.
>
> Could you share a summary of the privacy measures you implemented for apps 
> over the years and think should be integrated with Rails?
> On Sat, Feb 9, 2019 at 05:27 <em...@54hrs.com> wrote:
>
>> Hi all,
>>
>> I've been using a lot of different gems such as attr_encrypted and 
>> crypt_keeper to secure and encrypt PII data over the years.
>> I think it would be awesome if Rails would be the frontrunner for 
>> building web apps with privacy in mind and therefore would have things
>> like encryption and PII securing out of the box.
>>
>> Is this maybe something people are interested in building together with 
>> me? The short-term goals would be to make something like 
>> specific attr_encrypted kind of fields and writing proper guides on 
>> securing your Rails app with PII in mind.
>>
>> Looking forward to your feedback,
>>
>> Emile
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ruby on Rails: Core" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to rubyonrails-co...@googlegroups.com.
>> To post to this group, send email to rubyonra...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/rubyonrails-core.
>> For more options, visit https://groups.google.com/d/optout.
>>
>

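The `has_sensitive_field :email, searchable: true` idea from the reply above, sketched as an added example in plain Ruby. This is not Emile's code and not a Rails or attr_encrypted API: it shows AES-256-GCM for the column, an HMAC-SHA256 blind index for equality lookups, lazy decryption on read, and an audit entry recording who read which field. The in-memory master key, the `User` stand-in model, `current_actor` and `AUDIT_LOG` are constructed assumptions for the demo.

```ruby
require "openssl"
require "base64"

# Added example, not Emile's code and not a Rails API: a pure-Ruby sketch of a
# `has_sensitive_field` DSL. The master key is a constructed constant; a real
# app would load it from credentials or a secret store, never from source.
module SensitiveData
  MASTER_KEY = OpenSSL::Digest.digest("SHA256", "constructed-master-key-for-example")
  # Separate subkeys so the blind index never reuses the encryption key.
  ENC_KEY   = OpenSSL::HMAC.digest("SHA256", MASTER_KEY, "column-encryption")
  INDEX_KEY = OpenSSL::HMAC.digest("SHA256", MASTER_KEY, "blind-index")

  AUDIT_LOG = [] # constructed stand-in for a log sink such as Papertrail
  class << self
    attr_accessor :current_actor # constructed stand-in for the request identity
  end

  # AES-256-GCM; the AAD binds the blob to its model and column, so a
  # ciphertext copied into another column fails authentication.
  def self.encrypt(plaintext, aad)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = ENC_KEY
    iv = cipher.random_iv
    cipher.auth_data = aad
    ciphertext = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  def self.decrypt(blob, aad)
    raw = Base64.strict_decode64(blob)
    iv, tag, ciphertext = raw[0, 12], raw[12, 16], raw[28..-1]
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = ENC_KEY
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = aad
    cipher.update(ciphertext) + cipher.final # raises CipherError if tampered
  end

  # Keyed hash of the normalised value: equal inputs give equal indexes, so
  # the column supports exact-match lookups without storing plaintext.
  def self.blind_index(value)
    OpenSSL::HMAC.hexdigest("SHA256", INDEX_KEY, value.to_s.strip.downcase)
  end

  def attributes
    @attributes ||= {}
  end

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def sensitive_fields
      @sensitive_fields ||= {}
    end

    def has_sensitive_field(name, policy: :standard, searchable: false)
      sensitive_fields[name] = { policy: policy, searchable: searchable }
      aad = "#{self.name}.#{name}"

      # Reader decrypts lazily, only when the field is actually requested,
      # and records who asked (the attempt is logged even if decryption fails).
      define_method(name) do
        blob = attributes["#{name}_ciphertext"]
        return nil if blob.nil?
        SensitiveData::AUDIT_LOG << { model: self.class.name, field: name,
                                      policy: policy, actor: SensitiveData.current_actor }
        SensitiveData.decrypt(blob, aad)
      end

      # Writer stores only ciphertext plus, when searchable, the blind index.
      define_method("#{name}=") do |value|
        if value.nil? || value.to_s.empty?
          attributes["#{name}_ciphertext"] = attributes["#{name}_bidx"] = nil
        else
          attributes["#{name}_ciphertext"] = SensitiveData.encrypt(value.to_s, aad)
          attributes["#{name}_bidx"] = searchable ? SensitiveData.blind_index(value) : nil
        end
      end
    end

    # Equality lookup through the blind index; no record is decrypted.
    def find_by_sensitive(name, value)
      raise ArgumentError, "#{name} is not searchable" unless sensitive_fields.dig(name, :searchable)
      idx = SensitiveData.blind_index(value)
      all.find { |record| record.attributes["#{name}_bidx"] == idx }
    end
  end
end

# Constructed in-memory model standing in for an ActiveRecord class.
class User
  include SensitiveData
  has_sensitive_field :ssn,   policy: :critical
  has_sensitive_field :email, policy: :standard, searchable: true

  @records = []

  def self.all
    @records
  end

  def self.create(**attrs)
    record = new
    attrs.each { |field, value| record.public_send("#{field}=", value) }
    @records << record
    record
  end
end

if $PROGRAM_NAME == __FILE__
  SensitiveData.current_actor = "support-agent-42"
  user = User.create(email: "Ada@Example.com", ssn: "123-45-6789")
  puts user.attributes["email_ciphertext"]                        # opaque Base64, not the address
  puts User.find_by_sensitive(:email, " ada@example.com ").equal?(user) # lookup without decrypting
  puts user.ssn                                                   # decrypts and appends an audit entry
  p SensitiveData::AUDIT_LOG.last
end
```

The blind index deliberately leaks equality (the same address always yields the same index), which is the trade-off that makes the field searchable at all; it supports exact-match lookups only, and the normalisation step decides what "equal" means. Because the key sits in process memory, this is exactly the model Emile describes as defeated by remote code execution, which is where an out-of-band store such as Vault with short leases comes in.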