How to store variables passed to a Ruby class when initializing securely so that they can be accessed by other methods?
Question
I need to know how to securely store the parameters passed into a Ruby class when initializing as shown below...
myclass = MyClass.new(auth_token)
... So that it can be accessed by other methods in the class to perform their actions like this:
myclass.do_something
The parameters that I pass are very sensitive so the security should be the highest priority. How can I achieve this?
2 answers
solution1
1 ACCPTED 2015-08-14 03:52:32
You can encrypt the value before you store it, then store the encrypted value.
Then when you want to retrieve it you would decrypt it and then display the value.
You can use AES-128/AES-256 to encrypt the data using the ruby OpenSSL::Cipher and Digest libraries
Here is a post I made showing how to use the libraries to encrypt-decrypt whatever values you want.
Keep in mind you will need to keep track of your key and initialization vector
solution2
0 2015-08-14 06:05:49
If intruders encompasses people who can run ruby code in your process then this cannot be done.
Ruby allows private methods to be called, instance variables to be read and so on. Even if you encrypted the data, someone who can run code inside your ruby process could monkey patch the encryption methods to not do anything or gain access to the encryption keys
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.