2009/3/11 Jeff Pritchard <[email protected]> > > Jeff Pritchard wrote: > > I need to encrypt some items in the database in a rails app. > > > > I tried using the old "sentry" gem, but it doesn't seem to be surviving > > Rails 2. The stuff I found for Active Crypto on the web appeared to be > > many years old. > > > > What are folks using to encrypt db data via active record these days? > > > > thanks, > > jp > > I'm starting to question the validity of this whole notion. It seems to > be expected that one would encrypt database tables that hold sensitive > information (like a user's health information for example). > > Taking a step back from it though, what's the point? The database and > my app are all on the same server. Nobody can see the database files > unless they have access to my server. Anybody who does have access to > my server can look at the app to figure out how to read the encrypted > database tables/columns. > > So what is the supposed advantage of encrypting them in the first > place???? >
It may depend on the likelihood of someone leaving a CD backup copy of the database on a train (or a laptop with a copy of the db), and of how embarrassing that would be. If you are handling private personal information or commercially confidential data you must consider the possibility of litigation if the data escapes. Colin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
