Pål Bergström wrote:
> Brian Mr wrote:
>> Pål Bergström wrote:
>>> I'm using a Crypto.encrypt("string") to create a record for a column and
>>> Crypto.decrypt(column) when reading and presenting it in the browser. I
>>> do this in the controller. Can I do it in the model instead?
>>
>> Yes. You can create a custom attribute for the unencypted version,
>> which will exist in memory and not be persisted. You can then use a
>> Callback to encrypt and set the persisted column before an
>> insert/update. Look at examples of authentication plugins and blog
>> posts and you'll see how it's done.
>>
>> Also, don't forget to filter the parameter in the controller (e.g.
>> filter_parameter_loggoing :password) so the form posted parameter is not
>> logged in clear text, assuming you're accepting if from a form that is.
>>
>> b
>
> I got it working with before_save in the model, encrypting the data
> before it goes to the db. Great.
>
> But what about before show or listing records? How can I make a similar
> decrypt? Don't understand what to use.
Simply add a public method to the model that returns the unendrypted
version. The method will not map to an actual column in the db, but to
the controller it will appear just like any other colum.
e.g.
def myattribute
Crypto.decrypt(column)
end
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
