Thanks Martin!

--- On Wed, 16-Nov-11, Martin Boßlet <martin.bosslet / googlemail.com> wrote:

From: Martin Boßlet <martin.bosslet / googlemail.com>
Subject: Re: Certificate ssl and encrypt...
To: "ruby-talk ML" <ruby-talk / ruby-lang.org>
Date: Wednesday, 16 November 2011, 10:54

2011/11/16 Diego Soreira <diegosoreira / yahoo.com.ar>:
> Hi,
>
> I'm a newbie in web development and I'm working on a web project in Rails 2.x.x. I need your help.
>
> I have 2 questions for all:
>
> Q.1. Could you suggest a paper or webpage to learn how to install an SSL certificate (for example, Verisign)? Because I understood that I should install the certificate in the Apache web server, it's not a problem for the Rails project, but I'm not sure.

Assuming that you'd like to accomplish your task using mod_ssl, this
looks quite good:

http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-1

> Q2. Is it possible with any gem to keep all data encrypted in the database? Could you suggest how to encrypt / decrypt the data in the database?
>

There's no single definite answer to your question, it depends largely
on your requirements what you really want to achieve. There are
numerous ways to encrypt data in a database, for example you could use
existing mechanisms offered by your database or you could do it
manually on the application level. The benefit of the former is that
there are solutions where only the physical table space is encrypted,
that's the most preferable option because it does still process the
data itself in plain text. If you encrypt the data sets themselves,
then you need to realize that you can no longer run queries on the
data, you lose the benefits of indices etc. - in short you basically
take away all the benefits that a database should offer you. So the
best option is to only encrypt absolutely private data and leave the
rest untouched.

Additionally you should not forget to secure the connection between
app and db - use TLS for the transport, otherwise your encryption
scheme is worthless: anyone could simply read the plain text data
while it is transferred.

But this is only the beginning, a lot of traps still await you. I'd
suggest to grab a book on the topic and to do some research on the
web/Stack Overflow. That should get you started!

Regards,
Martin
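
An added example, not part of the original message or of any project mentioned in it: application-level encryption of a single private column using Ruby's OpenSSL bindings with AES-256-GCM. The class name FieldCipher, the column label "users.ssn" and the sample values are assumptions constructed for illustration.

```ruby
require "openssl"
require "base64"

# Hypothetical helper: encrypts one private column value with AES-256-GCM.
class FieldCipher
  IV_LEN  = 12 # GCM nonce size in bytes
  TAG_LEN = 16 # authentication tag size in bytes

  def initialize(key)
    raise ArgumentError, "key must be 32 bytes" unless key.bytesize == 32
    @key = key
  end

  # Returns Base64(iv || tag || ciphertext) for storage in a text column.
  # The column label is authenticated (not encrypted), so a stored value
  # copied into another column fails to decrypt.
  def encrypt(plaintext, column)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = @key
    iv = cipher.random_iv # fresh nonce per value; never reuse with one key
    cipher.auth_data = column
    ct = (plaintext.empty? ? "" : cipher.update(plaintext)) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag(TAG_LEN) + ct)
  end

  # Raises OpenSSL::Cipher::CipherError if the value or column label changed.
  def decrypt(stored, column)
    raw = Base64.strict_decode64(stored)
    raise ArgumentError, "value too short" if raw.bytesize < IV_LEN + TAG_LEN
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = @key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = column
    ct = raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)
    pt = (ct.empty? ? "" : cipher.update(ct)) + cipher.final
    pt.force_encoding(Encoding::UTF_8) # assumes UTF-8 text was stored
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed key for the demo only
  fc = FieldCipher.new(key)
  a = fc.encrypt("123-45-6789", "users.ssn") # constructed sample value
  b = fc.encrypt("123-45-6789", "users.ssn")
  puts a, b                       # two different stored values
  puts fc.decrypt(a, "users.ssn") # original text
end
```

Because every value gets a fresh random IV, the same plaintext is stored differently each time, which is why equality queries and indices on such a column stop working.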

