is there an effective way to encrypt data from the user?
What I'm trying to do is to get ruby to send some information to a
server, however I'd rather that it was secured somehow, to prevent the
user from tampering with it. is that possible due ruby being a
interpreted language?
--
Posted via http://www.ruby-forum.com/.
is there an effective way to encrypt data from the user?
What I'm trying to do is to get ruby to send some information to a
server, however I'd rather that it was secured somehow, to prevent the
user from tampering with it.
Ruby ships with OpenSSL support as part of the Standard Library. Good examples are somewhat hard to come by online but if you look at slides 40-42 of the Anchoring Trust presentation linked in my signature along with page 709 of the 2nd edition Pickaxe you should be able to figure out the basics.
There's also a RubyKaigi presentation from 2006 at http://dev.ctor.org/download/RubyKaigi2006_SAP_20060610.pdf but the text is Japanese and you'd need to be familiar with OpenSSL to make much sense of it.
is that possible due ruby being a interpreted language?
Yes. The OpenSSL library is a compiled extension so all the encryption primitives are relatively fast.
Ellie
Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
On 16 Jun 2008, at 07:26, Phil Cooper-king wrote:
----
raise ArgumentError unless @reality.responds_to? :reason
Hi Phil,
When you say you want to prevent tampering with the data, do you mean:
* you want to prevent the user from seeing the raw data being sent, or
* you want to prevent the user simply from altering the data being sent?
If you just want to prevent altering and don't care about seeing, you
could use a checksum, like an MD5, SHA1, SHA2, etc., all of which are
available in the 'digest' standard library. Specifically, you can do
is an append a secret "key" to the end of your data and perform one of
the checksums. You send your unencrypted data along with the checksum
to the server. The server can verify that the data has not been
altered by appending the same secret "key" to the data, performing the
checksum, and comparing the result to the checksum sent.
You haven't said much about the context, so it's hard to know whether
this solution would meet your needs or not. Are you trying to prevent
casual tampering or really trying to create a bullet-proof solution?
All of these issues need to be considered when evaluating a solution.
Best,
Eric
On Mon, Jun 16, 2008 at 2:26 AM, Phil Cooper-king <philcooperking@gmail.com> wrote:
is there an effective way to encrypt data from the user?
What I'm trying to do is to get ruby to send some information to a
server, however I'd rather that it was secured somehow, to prevent the
user from tampering with it. is that possible due ruby being a
interpreted language?
===
LearnRuby.com offers Rails & Ruby HANDS-ON public & ON-SITE workshops.
Ready for Rails Ruby Workshop June 23-24 Ann Arbor, Mich.
Ruby on Rails Workshop June 25-27 Ann Arbor, Mich.
Ruby Plus Rails Combo Workshop June 23-27 Ann Arbor, Mich.
Please visit http://LearnRuby.com for all the details.