Rails - Store data that we can't read but that our app can?
Question
My friends and I are building a Rails app, and we were wondering: Is there any way our database can store user information in a way that we can't read (ie we want to honestly say to users, "we can't see your phone number!"), but that our app can still freely read and interact with? We basically need to be blind to the data but still capable of having our app read it.
2 answers
solution1
4 ACCPTED 2017-10-26 03:42:08
The only way I can suggest to do this is to encrypt the data on the client side using a password that only the client knows. You will need to find a client-side Javascript encryption library that will encrypt the user's phone number in the browser before sending it to you. Your server will not be able to do anything with the encrypted phone number except to redisplay to the user or to anyone who has the password.
Stanford has a javascript encryption library you may want to explore.
If you want your server to be able to do anything useful with the data (other than storing it), then there is no truly secure way to guarantee that you cannot see the data. Someone in your company, whether it is dev ops, DBA, IT, etc will be able to access the data if they want to. The user will just have to trust that you are keeping their data private. You can set up encryption and permissions to restrict who has access to the data, but in the end, at least one person other than the client will have access.
solution2
0 2017-10-26 03:39:12
It's related to user permissions. You should check the user permissions which are saved on DB and which user retrieves data
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.