durian89

Reputation: 11

Encrypt password in postgres jsonb

At my company we're designing a new flow for our users to register. User and Company are very closely tied to each other. For several reasons, we can't create the user and the company one after the other; we need to create them at the same time.

However, as our form spans several steps, we collect all the user input in a separate Registration model in a jsonb attribute and then create the user and company at the end of the process from this intermediate model.

One of the problems is that we collect the user's password. However, as we're storing the registration in our database, the password is exposed.

How would you try to protect this?

EDIT: We're using Bcrypt to encrypt passwords.

Upvotes: 0

Views: 748

Answers (1)

Sajin

Reputation: 1638

I have not tried this, but I guess this will work. You can use the following code to encrypt the password before storing it as intermediate JSON.

my_password = BCrypt::Password.create("my password")

If you have designed the User model properly, there will be a password_digest field in your table. So while saving the encrypted password, use:

@user.password_digest = my_password

instead of

@user.password = my_password

where you expect encryption to take place in the background.

Upvotes: 1
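The flow discussed in this thread, as an added example that is not the answerer's or the asker's code: the password is digested when its form step is submitted, only the digest is stored in the intermediate JSON, and the final step copies it into password_digest. The helper names, the sample step and the PBKDF2 fallback (used only when the bcrypt gem is not installed) are assumptions.

```ruby
require 'json'
require 'openssl'
require 'securerandom'

begin
  require 'bcrypt' # the gem this page uses
rescue LoadError
  nil # assumption: fall back to PBKDF2 from Ruby's OpenSSL so the demo still runs
end

PBKDF2 = { iterations: 200_000, length: 32, hash: 'sha256' }.freeze

# Hypothetical helper: hash once, when the password step is submitted.
def digest_password(plain)
  return BCrypt::Password.create(plain).to_s if defined?(BCrypt)
  salt = SecureRandom.hex(16)
  derived = OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, **PBKDF2)
  format('pbkdf2$%s$%s', salt, derived.unpack1('H*'))
end

# Hypothetical helper: check a candidate password against a stored digest.
def password_matches?(digest, plain)
  return BCrypt::Password.new(digest) == plain if defined?(BCrypt)
  _, salt, hex = digest.split('$')
  candidate = OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, **PBKDF2).unpack1('H*')
  OpenSSL.fixed_length_secure_compare(candidate, hex)
end

# Swap the plaintext for a digest before the step is merged into the
# Registration jsonb attribute, so the database never sees the password.
def scrub_step(params)
  data = params.reject { |key, _| %w[password password_confirmation].include?(key) }
  data.merge('password_digest' => digest_password(params.fetch('password')))
end

# Last step: the attributes for the user come straight from the stored JSON.
# In Rails this would be User.new(attrs), which sets password_digest directly.
def user_attributes(registration_json)
  JSON.parse(registration_json).slice('email', 'password_digest')
end

# Constructed sample input for the password step of the form.
STEP = { 'email' => 'jane@example.test', 'password' => 'correct horse',
         'password_confirmation' => 'correct horse' }.freeze
REGISTRATION_JSON = JSON.generate(scrub_step(STEP)) # what is written to jsonb
```

Because the digest is assigned to password_digest as-is, the password is hashed exactly once; assigning it to password instead would hash the digest a second time and no login would match.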
