I: Certificate ssl and encrypt...

< ^ > P N |<>|^_>< --- | ~ ...Help

-----Messaggio originale-----
Da: Diego Soreira [mailto:diegosoreira / yahoo.com.ar] 
Inviato: mercoled16 novembre 2011 17:12
A: ruby-talk ML
Oggetto: Re: Certificate ssl and encrypt...

Thanks Martin!

--- El mi16-nov-11, Martin BoÝÍet <martin.bosslet / googlemail.com>
escribi

De: Martin BoÝÍet <martin.bosslet / googlemail.com>
Asunto: Re: Certificate ssl and encrypt...
Para: "ruby-talk ML" <ruby-talk / ruby-lang.org>
Fecha: miñÓcoles, 16 de noviembre de 2011, 10:54

2011/11/16 Diego Soreira <diegosoreira / yahoo.com.ar>:
> Hi,
>
> I'm a newbie web development and I'm working with a web project in Rails
2.x.x. I need your help.
>
> I have 2 questions for all:
>
> Q.1. Could you suggest me a paper or webpage for learn how to install a
certificate ssl (for example. Verisign)? Because, i understood that the
certificate i should install in the apache web server, it's not problem for
the rails project but I'm not sure.

Assuming that you'd like to accomplish your task using mod_ssl, this looks
quite good:

http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-1> Q2. Is possible with any gem keep all data encrypted in the database?
Could you suggest me how to encrypt / decrypt the data in the database?
>

There's no single definite answer to your question, it depends largely on
your requirements what you really want to achieve.
There are numerous ways to encrypt data in a database, for example you could
use existing mechanisms offered by your database or you could do it manually
on the application level.
The benefit of the former is that there are solutions where only the
physical table space is encrypted, that's the most preferable option because
it does still process the data itself in plain text. If you encrypt the data
sets themselves, then you need to realize that you can no longer run queries
on the data, you lose the benefits of indices etc. - in short you basically
take away all the benefits that a database should offer you. So the best
option is to only encrypt absolutely private data and leave the rest
untouched.

Additionally you should not forget to secure the connection between app and
db - use TLS for the transport, otherwise your encryption scheme is
worthless: anyone could simply read the plain text data while it is
transferred.

But this is only the beginning, a lot of traps still await you. I'd suggest
to grab a book on the topic and to do some research on the
web/Stackoverflow. That should get you started!

Regards,
Martin


 
 
 --
 Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f
 
 Sponsor:
 Capodanno a Riccione, Pacchetto Relax: Mezza Pensione + bagno turco + solarium + massaggio. Wifi e parcheggio gratis. 2 giorni euro 199 a persona
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid977&d)-12