
How to secure username, password, api_keys

We are building a Rails application backed by MySQL which will store sensitive information such as username, password and api_key, which are specific to each logged-in user.

Is there a gem which will allow protection of such production data against stealing by internal team members or external folks?

We don't want sensitive information to be printed in logs. We should be able to prevent reverse engineering of the sensitive data in case the data is stolen.

How should we design the system to avoid the above scenarios?

You can prevent certain parameters from being shown in Rails logs with:

config.filter_parameters << :parameter_name

More information about that is available at http://guides.rubyonrails.org/configuring.html#rails-general-configuration

Be aware data could still show in your database logs, or other logs your system may be collecting.

You should be encrypting things like passwords anyway, but how much access your team will have to them will presumably be affected by how much access they have to the source code/logs/database in the first place.

As for external access, a good start would be the Rails security documentation at http://guides.rubyonrails.org/security.html
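An added example, not part of the original answer, of protecting the two kinds of secret the question names so that a stolen MySQL dump does not reveal them: passwords only need verifying, so they are stored as a salted one-way PBKDF2 digest, while API keys must be read back, so they are encrypted with AES-256-GCM. The `CredentialVault` module and its method names are hypothetical, and the 32-byte key is assumed to live outside the database (environment variable or secrets manager).

```ruby
require "openssl"
require "securerandom"
require "base64"

# Hypothetical helper module (illustrative names, not taken from a gem).
module CredentialVault
  module_function

  SHA256 = "SHA256"

  # One-way: store "iterations$salt$digest", never the password itself.
  def hash_password(password, iterations: 200_000)
    salt = SecureRandom.random_bytes(16)
    digest = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, SHA256)
    [iterations, Base64.strict_encode64(salt), Base64.strict_encode64(digest)].join("$")
  end

  def password_matches?(password, stored)
    iterations, salt, digest = stored.split("$")
    expected = Base64.strict_decode64(digest)
    actual = OpenSSL::PKCS5.pbkdf2_hmac(password, Base64.strict_decode64(salt),
                                        iterations.to_i, 32, SHA256)
    # Compare without an early exit so timing does not leak the match position.
    actual.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  # Reversible: AES-256-GCM, output is base64(iv || auth tag || ciphertext).
  # `key` is 32 random bytes kept outside MySQL (assumption of this example).
  def encrypt(plaintext, key)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv                     # fresh 12-byte nonce per value
    ciphertext = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Raises OpenSSL::Cipher::CipherError if the key is wrong or the
  # stored value was modified.
  def decrypt(blob, key)
    raw = Base64.strict_decode64(blob)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.update(raw[28..-1]) + cipher.final
  end
end
```

In a Rails application, `has_secure_password` (bcrypt) and Active Record's `encrypts` (Rails 7 and later) cover the same two cases.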
