adventures in paranoia with sinatra and sequel
with sinatra and sequel
Eleanor McHugh @feyeleanor
http://github.com/feyeleanor
adventures in paranoia
rough cut
Thursday, 4 April 2013
think carefully before doing security
caveat lector
I am not a certified security professional
and it's unlikely you are either
what follows is definitely above our pay grade
and presented to provoke further study
so if privacy truly matters to you - and it should
hire a certified security professional
then follow their advice assiduously
http://slides.games-with-brains.net
Thursday, 4 April 2013

adventure
Pronunciation: /ədˈvɛntʃə/
noun {mass noun}
an unusual and exciting or daring experience: her recent adventures in Italy
excitement associated with danger or the taking of risks: she travelled the world in search of adventure
a reckless or potentially hazardous action or enterprise.
archaic a commercial venture.

paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun {mass noun}
a mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality.
unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers

paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun {mass noun}
the perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or nefarious intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or mixing with cryptographers and cypherpunks.
justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals

trust no one
how can we believe our visitors are who they claim to be
how can visitors be confident we protect their privacy

establish a well-known presence
assign globally unique identities
only accept opaque credentials
secure storage wherever identity data rests
secure transport wherever identity data moves
separate authentication and authorisation

globally unique identities
  high entropy identifiers
  SecureRandom.uuid
opaque credentials
  hashed passwords
  OpenSSL::Digest::SHA512
  iterative workload
secure storage
  hybrid encryption
  OpenSSL::PKey::RSA
  OpenSSL::Cipher::AES
  single-use keys
secure transport
  ssl
  http strict transport security header
  secure cookies
  http-only flag
  OpenSSL::HMAC

standard library support for cryptography
ruby crypto
high-entropy byte stream generator
SecureRandom
random_bytes
random_number
urlsafe_base64
uuid

require 'securerandom'

def random_string min = 8, max = 64
  # pick a length between min and max, then draw that many random bytes
  length = min + SecureRandom.random_number(max - min)
  SecureRandom.random_bytes length
end

the default security toolkit of the internet
OpenSSL

SHA2
cryptographic hashing algorithm

require 'openssl'

class SHA2
  attr_accessor :rounds, :salt

  def initialize options = {}
  end

  def encode value
  end

  def sign value = nil
  end
end

class SHA2
  attr_accessor :rounds, :salt

  def initialize options = {}
    @digest = OpenSSL::Digest::SHA512.new
    @salt = options[:salt] || 'salted'
    @rounds = options[:rounds] || 100000
    @key = options[:signing_key] || ""
  end

  # salted, iterated SHA-512: every round feeds the running digest back into itself
  def encode value
    @digest.reset
    if rounds > 0
      @digest << (salt + value)
      (rounds - 1).times do
        @digest << @digest.digest
      end
      @digest.hexdigest
    else
      value
    end
  end

  # HMAC of the current digest, keyed with the signing key
  def sign value = nil
    encode value if value
    OpenSSL::HMAC.hexdigest @digest, @key, @digest.hexdigest
  end
end

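An added example, not code from the talk: the same salted, iterated SHA-512 workload expressed with the standard library's PBKDF2 (OpenSSL::PKCS5.pbkdf2_hmac) instead of the SHA2 class above, with a random salt per credential and a constant-time comparison on verification. The PasswordHash module, its method names and the `$`-separated record layout are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical helper; only the OpenSSL and SecureRandom calls are library API.
module PasswordHash
  ITERATIONS = 100_000   # same workload figure as the :rounds default on the slides
  KEY_LENGTH = 64        # bytes, the size of a SHA-512 digest

  # Build a self-describing record "iterations$salt$key" (salt and key in base64)
  # so the workload can be raised later without breaking stored credentials.
  def self.create password, iterations = ITERATIONS
    salt = SecureRandom.random_bytes 16   # fresh salt for every credential
    key = derive password, salt, iterations
    [iterations, [salt].pack('m0'), [key].pack('m0')].join '$'
  end

  # Recompute the key from the stored parameters and compare in constant time.
  def self.verify password, record
    iterations, salt, key = record.to_s.split '$'
    return false unless salt && key && iterations.to_i > 0
    expected = key.unpack1 'm0'
    actual = derive password, salt.unpack1('m0'), iterations.to_i
    same_bytes? expected, actual
  rescue ArgumentError   # raised by unpack1 on malformed base64
    false
  end

  def self.derive password, salt, iterations
    OpenSSL::PKCS5.pbkdf2_hmac password, salt, iterations, KEY_LENGTH,
                               OpenSSL::Digest.new('SHA512')
  end

  # Comparison whose running time does not depend on where the inputs differ.
  def self.same_bytes? a, b
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the salt is random, two records for the same password differ, so equal passwords cannot be spotted by comparing stored values.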
AES
single-key symmetric encryption

require 'openssl'

class AES
  attr_reader :result, :key, :iv

  def initialize options = {}
  end

  def encode data = ""
  end

  def decode cipher_text = ""
  end

  def encode_and_pack data
  end

  def unpack_and_decode cipher_text
  end

  private
  def update data = ""
  end
end

def update data = ""
  @result = @cipher.update data
  @result << @cipher.final
end

def initialize options = {}
  @cipher = OpenSSL::Cipher::AES.new 256, :CBC
  @iv = if options[:iv]
    @cipher.iv = options[:iv]
  else
    @cipher.random_iv
  end
  @key = if options[:key]
    @cipher.key = options[:key]
  else
    @cipher.random_key   # generate a fresh key when none is supplied
  end
end

def encode data = ""
  @cipher.reset
  @cipher.encrypt
  @cipher.key = key
  @cipher.iv = iv
  update(data.to_s rescue "")
end

def decode cipher_text = ""
  length = cipher_text.length rescue 0
  @result = if length > 0
    @cipher.reset
    @cipher.decrypt
    @cipher.key = key
    @cipher.iv = iv
    cipher_text = update cipher_text
    cipher_text if cipher_text.length > 0
  end
end

# base64-encode the IV and the cipher text as two fields
def encode_and_pack data
  [iv, encode(data)].pack 'mm'
end

def unpack_and_decode cipher_text = ""
  cipher_elements = cipher_text.unpack 'mm'
  if cipher_elements.length > 0
    c = AES.new iv: cipher_elements[0], key: key
    @result = c.decode cipher_elements[1]
  end
rescue StandardError => e
  nil
end

RSA
2-key asymmetric encryption

require 'openssl'

class RSA
  attr_reader :result, :key

  def initialize opts = {}
    @key = OpenSSL::PKey::RSA.new(opts[:key] || opts[:keysize])
  end

  def public_key
    @key.public_key.to_pem
  end

  def private_key
    @key.to_pem
  end

  def encode data
    @result = @key.public_encrypt(data.to_s rescue "")
  end

  def decode cipher_text
    @result = @key.private_decrypt(cipher_text.to_s rescue "")
  end
end
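
The "hybrid encryption" and "single-use keys" items from the outline, as an added example that is not code from the talk: a fresh AES-256-CBC key encrypts the data, RSA with OAEP padding wraps that key, and an HMAC over the IV and cipher text is checked before anything is decrypted. The Hybrid module, the seal and unseal names and the dot-separated base64 envelope are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical module; the envelope layout is wrapped_keys.iv.body.tag
module Hybrid
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # Encrypt data for the holder of the private key matching public_pem.
  def self.seal data, public_pem
    rsa = OpenSSL::PKey::RSA.new public_pem
    cipher = OpenSSL::Cipher.new 'aes-256-cbc'
    cipher.encrypt
    enc_key = cipher.random_key               # single-use key, set on the cipher
    iv = cipher.random_iv
    mac_key = SecureRandom.random_bytes 32    # separate single-use key for the HMAC
    text = data.to_s
    body = (text.empty? ? ''.b : cipher.update(text)) + cipher.final
    tag = OpenSSL::HMAC.digest OpenSSL::Digest.new('SHA512'), mac_key, iv + body
    wrapped = rsa.public_encrypt enc_key + mac_key, OAEP
    [wrapped, iv, body, tag].map { |part| [part].pack 'm0' }.join '.'
  end

  # Returns the plain text (as binary bytes), or nil if the envelope is
  # malformed, was sealed for another key, or has been modified.
  def self.unseal envelope, private_pem
    rsa = OpenSSL::PKey::RSA.new private_pem
    parts = envelope.to_s.split('.').map { |part| part.unpack1 'm0' }
    return nil unless parts.length == 4
    wrapped, iv, body, tag = parts
    keys = rsa.private_decrypt wrapped, OAEP
    return nil unless keys.bytesize == 64
    enc_key, mac_key = keys[0, 32], keys[32, 32]
    expected = OpenSSL::HMAC.digest OpenSSL::Digest.new('SHA512'), mac_key, iv + body
    return nil unless same_bytes? expected, tag   # authenticate before decrypting
    cipher = OpenSSL::Cipher.new 'aes-256-cbc'
    cipher.decrypt
    cipher.key = enc_key
    cipher.iv = iv
    cipher.update(body) + cipher.final
  rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError, ArgumentError
    nil
  end

  # Comparison whose running time does not depend on where the inputs differ.
  def self.same_bytes? a, b
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Only the two 32-byte keys pass through RSA, so the size of the data is not limited by the RSA modulus.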
encryption-aware tables in Sequel
encrypted datastores
(this is not a sequel talk)
(we're just using it for its friendly DDL)

class Account < Sequel::Model
  plugin :schema
  plugin :validation_helpers

  set_schema do
    primary_key :id
    String :name
    String :email_address

    index :name, unique: true
    index :email_address, unique: true
  end

  def validate
    super
    validates_unique :name, :email_address
  end
end

class Account < Sequel::Model
  plugin :schema
  plugin :validation_helpers

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
  end

  unrestrict_primary_key

  def validate
    super
    validates_unique :id, :name, :email_address
  end
end

module Model
  def self.included mod
    mod.plugin :validation_helpers
    mod.plugin :schema
    mod.module_eval <<-ACCESSOR, __FILE__, __LINE__ + 1
      def self.retrieve id
        #{mod}.where(id: id).first
      end
    ACCESSOR
  end
end

class Account < Sequel::Model
  include Model

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
  end

  unrestrict_primary_key

  def validate
    super
    validates_unique :id, :name, :email_address
  end
end

module Model
  def self.included mod
    mod.plugin :validation_helpers
    mod.plugin :schema
    mod.module_eval <<-ACCESSOR, __FILE__, __LINE__ + 1
      def self.retrieve id
        #{mod}.where(id: id).first
      end
    ACCESSOR
  end

  def == entity
    self[:id] == entity.id rescue false
  end
end

module Model
  require 'securerandom'

  def generate_id
    SecureRandom.uuid
  end
end

class Account < Sequel::Model
  include Model

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :retrieval_email

    index :id, unique: true
    index :name, unique: true
    index :retrieval_email, unique: true
  end

  unrestrict_primary_key

  def before_create
    # assign the generated UUID, otherwise the row is created without an id
    self.id = generate_id
    super
  end

  def validate
    super
    validates_unique :id, :name, :retrieval_email
  end
end

class Account < Sequel::Model
  include Model

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
  end
end

module EncryptedModel
  def encrypted_fields fields = [], options = {}
    options = { rounds: 100000, salt: "", signing_key: "" }.merge options
    if fields.length > 0
    end
  end
end

class Account < Sequel::Model
  include Model
  extend EncryptedModel

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
  end

  encrypted_fields :email_address
end

with encrypted search
field encryption
automatically encrypt on storing
automatically decrypt on retrieval
support equality searches

def encrypted_fields fields = [], options = {}
  options = { rounds: 100000, salt: "", signing_key: "" }.merge options
  if fields.length > 0
    configure_field_encryption
    add_field_validation
    enable_equality_searches options
    add_field_accessors fields
  end
end

def configure_field_encryption
  self.module_eval <<-CIPHER, __FILE__, __LINE__ + 1
    def symmetric_cipher
      cipher = if self[:key]
        AES.new key: self[:key], iv: self[:iv]
      else
        AES.new
      end
      self[:key] ||= cipher.key
      self[:iv] ||= cipher.iv
      cipher
    end
  CIPHER
end

class Account < Sequel::Model
  include Model
  extend EncryptedModel

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address
    blob :key, null: true
    blob :iv, null: true

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
  end

  encrypted_fields :email_address
end

def encrypted_fields fields = [], options = {}
  options = { rounds: 100000, salt: "", signing_key: "" }.merge options
  if fields.length > 0
    configure_field_encryption
    # add_field_validation, written out inline
    self.module_eval <<-VALIDATION, __FILE__, __LINE__ + 1
      def validates_encrypted_field_presence *fields
        validates_presence #{fields.collect{ |f| "#{f}_key"}.inspect}
      end
    VALIDATION
    add_field_accessors fields
    enable_equality_searches options
  end
end

def enable_equality_searches options = {}
  self.module_eval <<-SEARCH, __FILE__, __LINE__ + 1
    def self.search_key v
      @@index_key = "#{options[:signing_key]}"
      @@rounds = #{options[:rounds]}
      @@salt = "#{options[:salt]}"
      if v && @@index_key
        digest = SHA512.new key: @@index_key, rounds: @@rounds, salt: @@salt
        digest.encode v
        digest.sign
      else
        v
      end
    end

    def search_key v
      self.class.search_key v
    end
  SEARCH
end

def add_field_accessors fields
  fields.each do |field|
    self.module_eval <<-ACCESSORS, __FILE__, __LINE__ + 1
      # decrypt on retrieval
      def #{field}
        v = symmetric_cipher.decode self[:#{field}]
        #{field.capitalize}.where(id: v).first
      end

      # encrypt on storing and record the searchable fingerprint
      def #{field}= value
        self[:#{field}] = symmetric_cipher.encode value
        self[:#{field}_fingerprint] = search_key value
      end

      def #{field}_fingerprint
        self[:#{field}_fingerprint]
      end
    ACCESSORS
  end
end

def add_field_accessors fields
  fields.each do |field|
    self.module_eval <<-ACCESSORS, __FILE__, __LINE__ + 1
      def #{field}
        v = symmetric_cipher.decode self[:#{field}]
        #{field.capitalize}.where(id: v).first
      end

      def #{field}= value
        self[:#{field}] = symmetric_cipher.encode value
        self[:#{field}_key] = search_key value
      end

      def #{field}_fingerprint
        self[:#{field}_fingerprint]
      end
    ACCESSORS
  end
end

class Account < Sequel::Model
  include Model
  extend EncryptedModel

  set_schema do
    primary_key :id, type: :varchar, auto_increment: false, unique: true
    String :name
    String :email_address
    String :email_address_fingerprint
    blob :key, null: true
    blob :iv, null: true

    index :id, unique: true
    index :name, unique: true
    index :email_address, unique: true
    index :email_address_fingerprint
  end

  encrypted_fields :email_address
end
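
The store-and-search flow these slides build up to, as an added sketch that is not code from the talk: it uses Ruby's OpenSSL standard library in place of the deck's AES and SHA512 wrapper classes, and the helper names, secrets and sample rows are constructed for illustration. PBKDF2 followed by HMAC-SHA512 is an assumed stand-in for the keyed, salted, iterated digest behind search_key.

```ruby
require "openssl"

# Constructed secrets for the demo; real ones belong outside the database.
SIGNING_KEY = "constructed-signing-key"
SALT        = "constructed-salt"
ROUNDS      = 1_000 # kept low so the demo runs quickly; the slides default to 100000

# Deterministic keyed fingerprint: the same plaintext always maps to the
# same value, which is what makes an indexed equality search possible.
def fingerprint(value)
  sha512 = OpenSSL::Digest.new("SHA512")
  stretched = OpenSSL::PKCS5.pbkdf2_hmac(value, SALT, ROUNDS, 64, sha512)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA512"), SIGNING_KEY, stretched)
end

# Encrypt one field with a fresh per-record key and IV (the schema's key and
# iv columns) and store the fingerprint beside the ciphertext.
def store(table, name, email)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  key = cipher.random_key
  iv = cipher.random_iv
  table << { name: name, key: key, iv: iv,
             email_address: cipher.update(email) + cipher.final,
             email_address_fingerprint: fingerprint(email) }
end

# Decrypt on retrieval using the key and IV held in the row.
def decrypt(row)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = row[:key]
  cipher.iv = row[:iv]
  (cipher.update(row[:email_address]) + cipher.final).force_encoding("UTF-8")
end

# Equality search never decrypts anything: fingerprint the query, then compare.
def find_by_email(table, email)
  wanted = fingerprint(email)
  table.select { |row| row[:email_address_fingerprint] == wanted }
end

# Constructed sample rows standing in for the accounts table.
ACCOUNTS = []
store(ACCOUNTS, "alice", "alice@example.com")
store(ACCOUNTS, "bob", "bob@example.com")
store(ACCOUNTS, "carol", "alice@example.com")
```

The rows for alice and carol carry different ciphertexts but the same fingerprint, so anyone able to read the table learns which records share an address even without the signing key.
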
episode 2 preview
securing table access with hybrid cryptography
table encryption
encrypting & signing cookies with rack
transport security
federated private data with sinatra
service isolation
with sinatra and sequel
http://slides.games-with-brains.net/
adventures in paranoia
Thursday, 4 April 2013