Pepe,

Unless you have a secure dedicated HW (something along the lines of
the HSMs used in the financial industry), just encrypting the password
is no better, as the encryption key must be stored somewhere and you
end up with exactly the same problem...

Cheers, Sazima

On Nov 27, 2:08 am, pepe <[EMAIL PROTECTED]> wrote:
> Thanks Brian
>
> Like you said, it's not the best answer in this case. The company
> policy has changed and these people are scrutinized by the government,
> so the encryption is pretty much a must do.
>
> I have two ideas to solve this:
>
> 1. Hack the 'establish_connection' method (wherever it is. I am not an
> expert...) and before the method is used decrypt the password already
> read from database.yml.
> 2. Create a class that would establish the connection from within the
> models I have themselves and forget about going the regular Rails way.
>
> I don't like either way and I was just hoping that somebody had
> already run into this and had a better solution.
>
> Thanks for your suggestion, though.
>
> Pepe
>
> On Nov 26, 5:28 pm, "Brian Hogan" <[EMAIL PROTECTED]> wrote:
>
> > If they're asking you to encrypt the password in the database.yml file
> > itself, you kinda can't.  I think the best you can do is secure the
> > file's read permissions so that it can only be read by the owner
> > (which should be the process that runs the app.)
>
> > If they can get access to that file and read its contents, chances are
> > good that they can also start up the console, modify your ruby code,
> > and change your app. The DB password in that file is the least of your
> > problems.
>
> > I realize that might not be the best answer, but as I understand it,
> > it's not possible to do db password encryption out of the box.
>
> > Anyone else know a better solution?
>
> > On Wed, Nov 26, 2008 at 4:07 PM, pepe <[EMAIL PROTECTED]> wrote:
>
> > > Hello.
>
> > > I currently have an application deployed and running and just recently
> > > I have been asked to encrypt the database password. The password is in
> > > the database.yml file.
>
> > > What would be the easiest way of making this work?
>
> > > Thank you.
>
> > > Pepe
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
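The file-permission restriction suggested in the thread can be checked mechanically. The following is an added example, not code from any poster or from Rails: `audit_database_yml` and the `APP_DB_PASSWORD` variable are hypothetical names, the sample files are constructed, and it assumes database.yml is run through ERB when the app loads it.

```ruby
require "tmpdir"

# Hypothetical helper, not part of Rails. Returns a list of findings for a
# database.yml; an empty list means the file passed every check.
def audit_database_yml(path, expected_uid: Process.euid)
  findings = []
  st = File.stat(path)
  mode = st.mode & 0o777
  # Any group/other bit means accounts besides the owner can reach the file.
  findings << format("mode %04o grants group/other access", mode) if (mode & 0o077) != 0
  # The owner should be the account the app process runs as.
  findings << "owner uid #{st.uid} is not the app uid #{expected_uid}" if st.uid != expected_uid
  File.foreach(path).with_index(1) do |line, lineno|
    next unless line =~ /^\s*password:\s*(.*?)\s*$/
    value = Regexp.last_match(1).delete_prefix('"').delete_prefix("'")
    # Assumption: an ERB tag means the value is supplied at load time.
    next if value.empty? || value.start_with?("<%=")
    findings << "line #{lineno}: literal password in file"
  end
  findings
end

# Constructed sample files: one world-readable with a literal password,
# one owner-only that reads the password from a hypothetical APP_DB_PASSWORD.
def demo
  Dir.mktmpdir do |dir|
    weak = File.join(dir, "weak.yml")
    File.write(weak, "production:\n  adapter: mysql\n  password: constructed-secret\n")
    File.chmod(0o644, weak)
    hard = File.join(dir, "hardened.yml")
    File.write(hard, "production:\n  adapter: mysql\n  password: <%= ENV['APP_DB_PASSWORD'] %>\n")
    File.chmod(0o600, hard)
    { weak: audit_database_yml(weak), hardened: audit_database_yml(hard),
      wrong_owner: audit_database_yml(hard, expected_uid: Process.euid + 1) }
  end
end

demo.each { |name, findings| puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}" }
```

Run against a real deployment, pass the path to `config/database.yml` and the uid of the account that runs the app as `expected_uid`.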