Database Encryption in Rails

I use the ActiveRecord method serialize with a class of my own, AESCoder. This will use aes-256-cbc with a random initialization vector every time. This initialization vector is added to the field when I store it in the database and, of course, is retrieved before deserialization.

Now this scheme does not allow me to use any crawlers in these attributes. I have to select all the lines I needed to be automatically decrypted, and execute Ruby select on the list of elements. This, of course, is a huge performance bottleneck that I cannot afford for this application.

One solution would be to not use a random IV, but then aes-256-cbc would no longer be safer.

Did I forget something?

+3
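The scheme described in the question, as an added example that is not the poster's code: a coder with dump/load that prepends a random IV, showing why an equality lookup on the encrypted column cannot match and what changes with a fixed IV. The body of AESCoder, the fixed_iv parameter, the same_column_value? helper, the key and the sample value are all assumptions made for illustration.

```ruby
require "openssl"
require "base64"

# Hypothetical stand-in for the question's AESCoder: an object with dump/load,
# the interface ActiveRecord's serialize expects from a custom coder.
class AESCoder
  CIPHER = "aes-256-cbc"
  IV_LEN = 16 # AES block size in bytes

  def initialize(key)
    raise ArgumentError, "key must be 32 bytes" unless key.bytesize == 32
    @key = key
  end

  # Stores Base64(IV || ciphertext). A fresh random IV is the default;
  # fixed_iv exists only to show the deterministic variant the question mentions.
  def dump(plaintext, fixed_iv: nil)
    return nil if plaintext.nil?
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = @key
    cipher.iv = iv = fixed_iv || OpenSSL::Random.random_bytes(IV_LEN)
    Base64.strict_encode64(iv + cipher.update(plaintext.to_s) + cipher.final)
  end

  # Splits the IV off the front of the stored value, then decrypts the rest.
  def load(stored)
    return nil if stored.nil?
    raw = Base64.strict_decode64(stored)
    raise ArgumentError, "stored value too short" if raw.bytesize < 2 * IV_LEN
    decipher = OpenSSL::Cipher.new(CIPHER).decrypt
    decipher.key = @key
    decipher.iv = raw.byteslice(0, IV_LEN)
    plain = decipher.update(raw.byteslice(IV_LEN..-1)) + decipher.final
    plain.force_encoding(Encoding::UTF_8)
  end
end

# True when two rows holding the same value would store identical column
# contents, i.e. when an equality finder on the encrypted column could match.
def same_column_value?(coder, value, fixed_iv: nil)
  coder.dump(value, fixed_iv: fixed_iv) == coder.dump(value, fixed_iv: fixed_iv)
end

key   = OpenSSL::Digest::SHA256.digest("constructed demo key") # sample, not a real secret
coder = AESCoder.new(key)
email = "alice@example.com" # constructed sample value
puts "round trip ok:          #{coder.load(coder.dump(email)) == email}"
puts "random IV, equal rows:  #{same_column_value?(coder, email)}"
puts "fixed IV, equal rows:   #{same_column_value?(coder, email, fixed_iv: ("\0" * 16).b)}"
```

With the fixed IV the lookup matches only because identical plaintexts now produce identical ciphertexts, which is the property the question identifies as the weakening.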
1 answer

As others noted, there will be no need to decrypt the lines you want to execute. However, you can improve performance by letting Postgres do the heavy lifting using the pgcrypto extension instead of selecting everything and sorting it at the application layer.

Heroku recently started offering Postgres 9.1 and seems to support pgcrypto. According to a blog post, you may have to migrate your database in order to switch to Postgres 9.1.

, Herokus " " - Postgres 8 pgcrypto, . Postgres 9 , .

+2
