Reputation: 8172
How to store variables passed to a Ruby class when initializing securely so that they can be accessed by other methods?
I need to know how to securely store the parameters passed into a Ruby class when initializing as shown below...
myclass = MyClass.new(auth_token)
... So that it can be accessed by other methods in the class to perform their actions like this:
myclass.do_something
The parameters that I pass are very sensitive so the security should be the highest priority. How can I achieve this?
Upvotes: 0
Views: 74
Answers (2)
Reputation: 84114
If intruders encompasses people who can run ruby code in your process then this cannot be done.
Ruby allows private methods to be called, instance variables to be read and so on. Even if you encrypted the data, someone who can run code inside your ruby process could monkey patch the encryption methods to not do anything or gain access to the encryption keys
Upvotes: 0
Reputation: 4404
You can encrypt the value before you store it, then store the encrypted value.
Then when you want to retrieve it you would decrypt it and then display the value.
You can use AES-128/AES-256 to encrypt the data using the ruby OpenSSL::Cipher and Digest libraries
Here is a post I made showing how to use the libraries to encrypt-decrypt whatever values you want.
Keep in mind you will need to keep track of your key and initialization vector
Upvotes: 1
Related Questions
- Ruby Rails preserve a variable used in one method for another method to access
- Best Way to initialize a instance variable in Rails
- Rails: storing variables in a class instance without a model
- How do I declare a variable that is accessible throughout the whole Rails application?
- Class variable access from top level
- Access to class instance variable
- ruby on rails defining variables
- Initializing a variable RUBY
- Ruby: Variable variable / method call + security concerns
- How should I store variables between method calls in rails?