Storing user-generated text in database securely (Ruby/Rails)

Developers https://www.devze.com 2023-01-30 08:50 Source: Internet
I'm trying to figure out a way to store user-generated text securely in a database (so that only the user is the one who can access his/her stored text). I could have Rails encrypt and decrypt the user's text entries using the user's password as the key, but if the user ever forgot their password there would be no way to ever decrypt their previous content/text (since the Rails app uses BCrypt to store only a hash of the password).

Does anyone know how that could be done? It looks like Dropbox does something like it: "All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." (http://www.dropbox.com/help/27) Yet they allow you to reset your password and I'm assuming they don't store your plain text password anywhere.

What am I missing? Any suggestions would be greatly appreciated. Thanks!


Logic dictates that there are only two options:

  1. You encrypt using a key known to the server (user's key hash or some other identifier). Intruders can potentially read all the encrypted data, but the user can never lose the encryption token because it is on your server.
  2. You encrypt the data using a key known to the user only (e.g. his password). Then intruders will not be able to read encrypted data, but if the user loses his key, the data is as good as a pile of random bits.

It's clear that Dropbox has chosen (1) from the fact that they allow you to reset your password.


Build on Gintautas' Option 1 with a two-prong encryption plan:

  1. Apply option 1, with a key that is known to the server, and
  2. Store the database on disk in an encrypted format with a key that is known only to the server. E.g., in an encrypted volume. When the server starts up, the key must be manually entered in order to access the database.

This "static security" provided by part 2 protects against an intruder in the system gaining access to the database files. Maybe not 100% the exact security you're after, but getting closer.
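The trade-off between the two options in the answers above, as an added Ruby example that is not part of the original posts: the same note is stored once under a server-held key (option 1) and once under a key derived from the user's password (option 2), and then the password is reset. The `TextVault` module, the choice of PBKDF2-HMAC-SHA256 and AES-256-GCM, and all sample values are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper module (added illustration, not code from the thread).
module TextVault
  ITERATIONS = 200_000

  # Option 2: the key is derived from the password and never stored.
  def self.password_key(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  # AES-256-GCM; returns the nonce, auth tag and ciphertext to store in the row.
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    ct = cipher.update(plaintext) + cipher.final
    { iv: iv, tag: cipher.auth_tag, ct: ct }
  end

  # Returns the plaintext, or nil when the key is wrong or the row was altered.
  def self.decrypt(key, row)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = row[:iv]
    cipher.auth_tag = row[:tag]
    (cipher.update(row[:ct]) + cipher.final).force_encoding("UTF-8")
  rescue OpenSSL::Cipher::CipherError
    nil
  end

  # Constructed scenario: one note stored under both options, then the
  # forgotten password is reset to a new one.
  def self.demo
    salt = SecureRandom.random_bytes(16)        # stored next to the row
    note = "constructed sample diary entry"
    server_key = SecureRandom.random_bytes(32)  # option 1: lives on the server
    row1 = encrypt(server_key, note)
    row2 = encrypt(password_key("old password", salt), note)
    { option1_after_reset:  decrypt(server_key, row1),
      option2_old_password: decrypt(password_key("old password", salt), row2),
      option2_after_reset:  decrypt(password_key("new password", salt), row2) }
  end
end
```

`TextVault.demo` returns the note for the first two entries and `nil` for the third: under option 2 a reset password yields a different key, so the stored row can no longer be decrypted.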
