Passwords


tispratik

Dec 17, 2009, 6:17:31 PM
to Saint Louis Ruby Users Group
Hi,

Does anyone know how to store passwords securely?
I mean, we enter DB usr/pwd in the database.yml and the actionmailer
email usr/pwds in environment.rb,
which I think is not safe, considering that during development the code is
visible to all developers.

Do we have some mechanism to store all passwords in one place and
encrypt them and securely access through the system?

Thanks,
Pratik

Amos King

Dec 17, 2009, 7:15:48 PM
to stl...@googlegroups.com
Don't use the same passwords in development, and have one person entrusted with the production.yml file.  Usually your deployment guy.


--
Amos King
http://dirtyInformation.com
http://github.com/Adkron
--
Looking for something to do? Visit http://ImThere.com

Kenny Ortmann

Dec 17, 2009, 7:26:37 PM
to stl...@googlegroups.com
Another option is to create a database.yml and environment.rb file on your production server and create a rake task that will overwrite the files in your repository with the files on the file system.


Patrick Schless

Dec 17, 2009, 8:49:21 PM
to stl...@googlegroups.com
Yup, agreed (with those above). Production's database.yml should be
under shared/config on the server, and you can have Capistrano
copy/symlink that file into current. Also, you should check that that
user only has GRANTs for the one database it needs, and can only
connect from localhost (assuming db is on the same server).

As for other passwords (mail configs, etc), I don't have a great
solution. You could use acts_as_secure and store them encrypted in
the DB, or look into an encrypted filesystem... or, depending on your
control of your mail server, just configure it to only accept mail
from the IP where your app runs (or some similar mail server config).
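
Added example, not part of any post in this thread: a Ruby check for the file-side advice given in the replies above (production database.yml kept under shared/config and symlinked into current, readable only by its owner, pointing at a local database, with a password that differs from development). The function names, the deploy-tree layout under one root and all sample values are assumptions made for illustration; the database GRANTs themselves still have to be checked on the database server.

```ruby
require "yaml"
require "fileutils"
require "tmpdir"

# Audits a Capistrano-style deploy tree (layout assumed for this example).
# Returns an array of findings; an empty array means every check passed.
def audit_database_yml(deploy_root, env: "production", dev_config: nil)
  link   = File.join(deploy_root, "current", "config", "database.yml")
  shared = File.join(deploy_root, "shared", "config", "database.yml")
  return ["#{shared} is missing"] unless File.file?(shared)

  findings = []
  # 1. The release must use the server-side copy, not a file shipped in the repo.
  linked = File.symlink?(link) && File.exist?(link) &&
           File.realpath(link) == File.realpath(shared)
  findings << "current/config/database.yml is not a symlink to shared/config" unless linked
  # 2. Only the owning (deploy) user should be able to read the credentials.
  if (File.stat(shared).mode & 0o077) != 0
    findings << "shared/config/database.yml is accessible by group or others"
  end
  cfg = (YAML.safe_load(File.read(shared)) || {})[env] || {}
  # 3. With the DB on the same server, the app should connect locally.
  host = cfg["host"]
  unless host.nil? || %w[localhost 127.0.0.1 ::1].include?(host)
    findings << "#{env} connects to non-local host #{host}"
  end
  # 4. Production must not reuse the development password.
  dev_pw = dev_config && dev_config.dig("development", "password")
  findings << "#{env} reuses the development password" if dev_pw && dev_pw == cfg["password"]
  findings
end

# Builds a constructed deploy tree for trying the audit (sample data only).
def build_sample_deploy(root, yaml_text, mode: 0o600, symlink: true)
  shared = File.join(root, "shared", "config", "database.yml")
  target = File.join(root, "current", "config", "database.yml")
  FileUtils.mkdir_p([File.dirname(shared), File.dirname(target)])
  File.write(shared, yaml_text)
  File.chmod(mode, shared)
  symlink ? File.symlink(shared, target) : File.write(target, yaml_text)
  root
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root| # constructed, deliberately weak configuration
    build_sample_deploy(root, "production:\n  host: db.example.internal\n  password: devpass\n", mode: 0o644)
    puts audit_database_yml(root, dev_config: { "development" => { "password" => "devpass" } })
  end
end
```
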

tispratik

Dec 18, 2009, 11:49:30 AM
to Saint Louis Ruby Users Group
Thanks for the valuable inputs :)

-Pratik
