On Wed, Nov 26, 2008 at 8:08 PM, pepe <[EMAIL PROTECTED]> wrote: > policy has changed and these people are scrutinized by the government, > so the encryption is pretty much a must do.
Reality and "must do" sometimes conflict :-) > 1. Hack the 'establish_connection' method (wherever it is. I am not an > expert...) and before the method is used decrypt the password already > read from database.yml. If you have a way to "decrypt the password" in the code, then anyone with access to the system can find it, and get the password, or use the routine to execute their own code. No different than reading it out of database.yml. > 2. Create a class that would establish the connection from within the > models I have themselves and forget about going the regular Rails way. See above. > I don't like either way and I was just hoping that somebody had > already ran into this and had a better solution. The only way around it is to have someone enter the password into the system at startup, which means no automatic restart. If you've got 24x7 admin support, that may be acceptable. But even that's not a perfect solution if your system's been compromised. Better to keep the bad guys out of your system in the first place, I'd think :-) FWIW, -- Hassan Schroeder ------------------------ [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
