I want to encrypt database because confidential data is being stored. I use mongodb with mongoid. It possible for this kind of database? And what alternatives can you recomend, if it is not?
我想加密数据库,因为存储了机密数据。我用mongodb和mongoid。这种数据库有可能吗?如果不是,你可以提出哪些替代方案?
P.S. Main purpose is: if anybody hack the server and steal DB, it would be unencryptable.
附:主要目的是:如果有人破解服务器并窃取数据库,那将是无法加密的。
UPDATE: thanks for nickh, I found very many soultions for ActiveRecord, but nothing for Mongoid and other Mongo clinets. It would be great to find some soultion for Mongo and Mongoid!
更新:感谢nickh,我发现ActiveRecord有很多灵魂,但Mongoid和其他Mongo clinets没有。为Mongo和Mongoid找到一些灵魂会很棒!
5 个解决方案
#1
11
I have gotten attr_encrypted working with Mongo and Mongoid. It takes only a few tweaks.
我已经使用attr_encrypted与Mongo和Mongoid一起工作了。它只需要几个调整。
Make sure that all of the encrypted_ fields that are automatically created by attr_encrypted are explicitly created in the model. For instance, if you have:
确保在模型中显式创建由attr_encrypted自动创建的所有encrypted_字段。例如,如果你有:
attr_encrypted :email, :key => 'blah blah blah', :encode => true
you need to have:
你需要:
field :email, :type => String
field :encrypted_email, :type => String
Also notice you need to tell it to encode the encrypted string otherwise Mongo will complain loudly.
另请注意,您需要告诉它对加密字符串进行编码,否则Mongo会大声抱怨。
Lastly, if you're encrypting a hash, do this:
最后,如果您正在加密哈希,请执行以下操作:
field :raw_auth_hash, :type => Hash
field :encrypted_raw_auth_hash, :type => String
attr_encrypted :raw_auth_hash, :key => 'blah', :marshal => true, :encode => true
#2
8
I've had a lot of success with the attr_encrypted gem. However, I've only used it with ActiveRecord. I don't know if it works with MongoMapper or Mongoid.
我在attr_encrypted gem上取得了很大的成功。但是,我只在ActiveRecord中使用它。我不知道它是否适用于MongoMapper或Mongoid。
Regardless of how you implement this, I strongly recommend only encrypting certain fields. Don't encrypt every field in every table. Doing that will make it difficult to use associations, search using LIKE, etc.
无论你如何实现这一点,我强烈建议只加密某些字段。不要加密每个表中的每个字段。这样做会很难使用关联,使用LIKE搜索等。
#3
7
Try the mongoid-encrypted-fields gem - it is seamless as it handles encryption using mongoize/demongoize methods.
尝试mongoid-encrypted-fields gem - 它是无缝的,因为它使用mongoize / demongoize方法处理加密。
Just define your field like:
只需定义您的字段:
field :ssn, type: Mongoid::EncryptedString
Then you can access it like normal, but the data is stored encrypted.
然后您可以像平常一样访问它,但数据是加密存储的。
#4
1
http://ezcrypto.rubyforge.org/
http://ezcrypto.rubyforge.org/
Using postgreSQL with the ezcrypto gem atm - works reasonably well although there are limitations in using associations between models with encrypted fields (this maybe down to my inability to find the correct up-to-date fork of this project).
将postgreSQL与ezcrypto gem atm一起使用 - 工作得相当好,尽管在使用加密字段的模型之间使用关联存在限制(这可能取决于我无法找到该项目的正确最新分支)。
The encrypted fields are stored in the postgreSQL database as the BYTEA datatype and will usually require for single quotes to be escaped (another issue with the plugin),
加密字段作为BYTEA数据类型存储在postgreSQL数据库中,并且通常需要转义单引号(插件的另一个问题),
PostgreSQL does also have access to its own encryption / decryption modeul 'pgcrypto' which also returns a BYTEA datatype. Not sure how this would integrate with Rails activerecord and associations between models (probably badly :D).
PostgreSQL也可以访问自己的加密/解密模式'pgcrypto',它也返回BYTEA数据类型。不知道这将如何与Rails activerecord和模型之间的关联集成(可能很糟糕:D)。
#5
0
I use MongoDB in an app with the Mongoid ruby adapter. Ryan Bates (the demigod of Rails) recently made an outstanding railscast on this very issue http://railscasts.com/episodes/250-authentication-from-scratch.
我在带有Mongoid ruby适配器的应用程序中使用MongoDB。 Ryan Bates(Rails的半神人)最近在这个问题http://railscasts.com/episodes/250-authentication-from-scratch上做了出色的轨道广播。
I'm using this in a MongoDB app and it works perfectly for encrypting data. His tutorial video is mostly for encrypting passwords, but you can adapt it to any other field value you want.
我在MongoDB应用程序中使用它,它可以很好地加密数据。他的教程视频主要用于加密密码,但您可以将其调整为您想要的任何其他字段值。
I also have used attr_encrypted with much success but I'm not sure if it will work with MongoDB; only used it with ActiveRecord.
我也使用attr_encrypted取得了很大的成功,但我不确定它是否适用于MongoDB;仅与ActiveRecord一起使用。
#1
11
I have gotten attr_encrypted working with Mongo and Mongoid. It takes only a few tweaks.
我已经使用attr_encrypted与Mongo和Mongoid一起工作了。它只需要几个调整。
Make sure that all of the encrypted_ fields that are automatically created by attr_encrypted are explicitly created in the model. For instance, if you have:
确保在模型中显式创建由attr_encrypted自动创建的所有encrypted_字段。例如,如果你有:
attr_encrypted :email, :key => 'blah blah blah', :encode => true
you need to have:
你需要:
field :email, :type => String
field :encrypted_email, :type => String
Also notice you need to tell it to encode the encrypted string otherwise Mongo will complain loudly.
另请注意,您需要告诉它对加密字符串进行编码,否则Mongo会大声抱怨。
Lastly, if you're encrypting a hash, do this:
最后,如果您正在加密哈希,请执行以下操作:
field :raw_auth_hash, :type => Hash
field :encrypted_raw_auth_hash, :type => String
attr_encrypted :raw_auth_hash, :key => 'blah', :marshal => true, :encode => true
#2
8
I've had a lot of success with the attr_encrypted gem. However, I've only used it with ActiveRecord. I don't know if it works with MongoMapper or Mongoid.
我在attr_encrypted gem上取得了很大的成功。但是,我只在ActiveRecord中使用它。我不知道它是否适用于MongoMapper或Mongoid。
Regardless of how you implement this, I strongly recommend only encrypting certain fields. Don't encrypt every field in every table. Doing that will make it difficult to use associations, search using LIKE, etc.
无论你如何实现这一点,我强烈建议只加密某些字段。不要加密每个表中的每个字段。这样做会很难使用关联,使用LIKE搜索等。
#3
7
Try the mongoid-encrypted-fields gem - it is seamless as it handles encryption using mongoize/demongoize methods.
尝试mongoid-encrypted-fields gem - 它是无缝的,因为它使用mongoize / demongoize方法处理加密。
Just define your field like:
只需定义您的字段:
field :ssn, type: Mongoid::EncryptedString
Then you can access it like normal, but the data is stored encrypted.
然后您可以像平常一样访问它,但数据是加密存储的。
#4
1
http://ezcrypto.rubyforge.org/
http://ezcrypto.rubyforge.org/
Using postgreSQL with the ezcrypto gem atm - works reasonably well although there are limitations in using associations between models with encrypted fields (this maybe down to my inability to find the correct up-to-date fork of this project).
将postgreSQL与ezcrypto gem atm一起使用 - 工作得相当好,尽管在使用加密字段的模型之间使用关联存在限制(这可能取决于我无法找到该项目的正确最新分支)。
The encrypted fields are stored in the postgreSQL database as the BYTEA datatype and will usually require for single quotes to be escaped (another issue with the plugin),
加密字段作为BYTEA数据类型存储在postgreSQL数据库中,并且通常需要转义单引号(插件的另一个问题),
PostgreSQL does also have access to its own encryption / decryption modeul 'pgcrypto' which also returns a BYTEA datatype. Not sure how this would integrate with Rails activerecord and associations between models (probably badly :D).
PostgreSQL也可以访问自己的加密/解密模式'pgcrypto',它也返回BYTEA数据类型。不知道这将如何与Rails activerecord和模型之间的关联集成(可能很糟糕:D)。
#5
0
I use MongoDB in an app with the Mongoid ruby adapter. Ryan Bates (the demigod of Rails) recently made an outstanding railscast on this very issue http://railscasts.com/episodes/250-authentication-from-scratch.
我在带有Mongoid ruby适配器的应用程序中使用MongoDB。 Ryan Bates(Rails的半神人)最近在这个问题http://railscasts.com/episodes/250-authentication-from-scratch上做了出色的轨道广播。
I'm using this in a MongoDB app and it works perfectly for encrypting data. His tutorial video is mostly for encrypting passwords, but you can adapt it to any other field value you want.
我在MongoDB应用程序中使用它,它可以很好地加密数据。他的教程视频主要用于加密密码,但您可以将其调整为您想要的任何其他字段值。
I also have used attr_encrypted with much success but I'm not sure if it will work with MongoDB; only used it with ActiveRecord.
我也使用attr_encrypted取得了很大的成功,但我不确定它是否适用于MongoDB;仅与ActiveRecord一起使用。