2

All the time I read about web services that defend user data by encrypting everything. In case of theft of the database, everything is safe (provided we assume all the usual stuff of cryptography).

I'm playing with a small Sinatra application (not really planning to launching it, it's more for an educational purpose) using the DataMapper ORM on top of Sqlite. I implemented basic user authentication (hashing and salting...all the usual stuff, in short) and I am happy with it.

The fact is that the core of the application requires personal information about the user: weights and other bodily measurements (which can be without any doubt considered personal and sensitive data, which people might not want to be public). So I'm wondering, how can I safely store that data? In the application everything is accessed only by the proper user (although being quite a beginner in this things and having coded almost everything by hand, I'm quite sure there are a lot of security bugs..but as I said I'm not really planing to do anything with it).

I thought about encrypting it using the user password and decrypting it after successfull authentication, but then what if the password is forgotten? What if the password is changed? I read (here on SO) that for these reasons it's best not to do it in this way.. but then how can it be done?

Helios
  • 457
  • 6
  • 17
  • It's not a bad approach to encrypt using the password, you'll have to update the date whenever the password changes and if the password is lost then so is the data. But then you'll need to make sure that the user password is encrypted securely. You could also use an open id based authentication, say their facebook profile. +1 good question – nikhil Mar 10 '13 at 10:45
  • 3
    @nikhil I disagree, using the password to encrypt is a bad idea. Using the password to _allow_ decryption is fine. Helios, I'd advise looking at [letting the database handle it](http://dba.stackexchange.com/questions/3585/postgresql-row-level-encryption), or using [rbnacl](https://github.com/cryptosphere/rbnacl) or just the [standard library's](http://stackoverflow.com/questions/4128939/simple-encryption-in-ruby-without-external-gems) encryption access. – ian Mar 10 '13 at 11:24
  • I was not aware of that feature in postgresql. If that is the case then your approach is much better for sure. – nikhil Mar 10 '13 at 16:00
  • personal data is never safe. Unless the user encrypts all data you are more or less responsible for everything and if you lose a password or keyfile everything is lost. – three Mar 10 '13 at 21:09
  • You also want to be careful not to expose your en/decrypt keys. You want to be sure that your attacker has a very hard time finding your decrypt key. A common strategy is to set an environment variable with the key, and put the env set code into a protected account area that is run for the account, but is not visible by the account. So an attacker has to get your app to expose the live environment variables in order to obtain your keys. Not the only way, but a way.. – Steve Midgley Sep 26 '13 at 20:55

1 Answers1

0

You can do a gem install attr_secure and then do the following for ruby objects:

Set your environment's ATTR_SECURE_SECRET, so doing a ENV["ATTR_SECURE_SECRET"] is working in the app. Also, set/alter any table columns for encrypted values so that they can hold the long, encrypted values.

Now you can do this (example from the attr_secure readme):

class Report < ActiveRecord::Base
  attr_secure :secret_value
end

r = Report.new
r.secret_value = "ThisIsATest"
r.save
=> #<Report id: 116, secret_value: "EKq88AMFeRLqEx5knUcoJ4LOnrv52d7hfAFgEKMoDKzqNei4m7k...">

r = Report.find(116)
r.secret_value
=> "ThisIsATest"

You can read more at: https://github.com/neilmiddleton/attr_secure

Frank
  • 143
  • 1
  • 9