Adventures in paranoia with sinatra and sequel


  1. rough cut: adventures in paranoia with sinatra and sequel
     Eleanor McHugh @feyeleanor http://github.com/feyeleanor
     Thursday, 4 April 2013
  4. caveat lector: think carefully before doing security
  5. I am not a certified security professional and it's unlikely you are either. What follows is definitely above our pay grade and presented to provoke further study, so if privacy truly matters to you - and it should - hire a certified security professional, then follow their advice assiduously.
     http://slides.games-with-brains.net
  6. adventure
     Pronunciation: /ədˈvɛntʃə/
     noun {mass noun}
     an unusual and exciting or daring experience: her recent adventures in Italy
     excitement associated with danger or the taking of risks: she travelled the world in search of adventure
     a reckless or potentially hazardous action or enterprise
     archaic: a commercial venture

  7. paranoia
     Pronunciation: /ˌparəˈnɔɪə/
     noun {mass noun}
     a mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality.
     unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers

  8. paranoia
     Pronunciation: /ˌparəˈnɔɪə/
     noun {mass noun}
     the perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or nefarious intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or mixing with cryptographers and cypherpunks.
     justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals
  9. trust no one
     how can we believe our visitors are who they claim to be?
     how can visitors be confident we protect their privacy?

  11. the principles
      - establish a well-known presence
      - assign globally unique identities
      - only accept opaque credentials
      - secure storage wherever identity data rests
      - secure transport wherever identity data moves
      - separate authentication and authorisation
  12. the four principles refined step by step into concrete mechanisms (slides 12 to 30):

      globally unique identities
        -> high entropy identifiers
        -> SecureRandom.uuid
      opaque credentials
        -> hashed passwords
        -> OpenSSL::Digest::SHA512 with an iterative workload
      secure storage
        -> hybrid encryption
        -> OpenSSL::PKey::RSA + OpenSSL::Cipher::AES with single-use keys
      secure transport
        -> ssl
        -> http strict transport security header
        -> secure cookies, with the http-only flag
        -> OpenSSL::HMAC
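The transport items on these slides (the HSTS header, Secure and HttpOnly cookie flags, OpenSSL::HMAC for a tamper-evident cookie) as an added example in plain Ruby; this is not code from the talk. A Sinatra app would emit the header and cookie through its response object, which is left out here so the example runs without Sinatra or Rack. The 32-byte minimum key length, the `payload.hmac` cookie layout and the SameSite attribute are choices made for this example, not taken from the slides.

```ruby
require 'openssl'
require 'securerandom'

# Response-side transport hardening, as plain strings so it runs without Sinatra.
module Transport
  # one year, subdomains included: a browser that has seen this refuses plain http
  HSTS_VALUE = 'max-age=31536000; includeSubDomains'.freeze

  def self.hsts_headers
    { 'Strict-Transport-Security' => HSTS_VALUE }
  end

  # Secure: sent only over https. HttpOnly: unreadable from script, so an XSS
  # cannot lift it. SameSite is an addition beyond the slides.
  def self.cookie_header name, value
    "#{name}=#{value}; Path=/; Secure; HttpOnly; SameSite=Strict"
  end
end

# A cookie value of the form <base64 payload>.<hex HMAC-SHA256>. The client can
# read the payload (base64 is not encryption) but cannot change it undetected.
class SignedCookie
  DIGEST = 'SHA256'

  def initialize key
    raise ArgumentError, 'signing key must be at least 32 bytes' if key.bytesize < 32
    @key = key
  end

  def seal payload
    body = [payload].pack('m0')                  # strict base64, no line breaks
    "#{body}.#{OpenSSL::HMAC.hexdigest(DIGEST, @key, body)}"
  end

  # -> the payload, or nil when the signature is missing, malformed or wrong
  def open cookie
    body, mac = cookie.to_s.split('.', 2)
    return nil if body.nil? || mac.nil?
    expected = OpenSSL::HMAC.hexdigest(DIGEST, @key, body)
    return nil unless secure_equal?(expected, mac)
    body.unpack1('m0')
  rescue ArgumentError                           # not valid strict base64
    nil
  end

  private

  # constant-time comparison: time taken must not depend on which byte differs
  def secure_equal? a, b
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  jar = SignedCookie.new(SecureRandom.random_bytes(32))
  puts Transport.hsts_headers.map { |k, v| "#{k}: #{v}" }
  puts "Set-Cookie: #{Transport.cookie_header('sid', jar.seal(SecureRandom.uuid))}"
end
```

The session identifier inside the cookie is a SecureRandom.uuid, as the identity slides recommend; the HMAC stops a visitor from swapping it for someone else's, and the constant-time comparison stops them learning the correct tag one byte at a time from response timing.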
  31. ruby crypto: standard library support for cryptography

  32. SecureRandom: high-entropy byte stream generator
      random_bytes, random_number, urlsafe_base64, uuid
  34. require 'securerandom'

      # a random byte string whose length is itself random, between min and max
      # (the slide's version mixed up random_bytes and random_number)
      def random_string min = 8, max = 64
        length = min + SecureRandom.random_number(max - min + 1)
        SecureRandom.random_bytes length
      end
  35. OpenSSL: the default security toolkit of the internet

  36. SHA2: cryptographic hashing algorithm
  37. require 'openssl'
      require 'securerandom'

      class SHA2
        attr_accessor :rounds, :salt

        def initialize options = {}
          @digest = OpenSSL::Digest::SHA512.new      # the slides pass `options` here, which Digest.new rejects
          @salt   = options[:salt] || salted
          @rounds = options[:rounds] || 100000
          @key    = options[:signing_key] || ""      # an empty key makes sign little better than encode
        end

        # salt + value, then feed the running digest back into itself rounds - 1 times
        def encode value
          @digest.reset
          if rounds > 0
            @digest << (salt + value)
            (rounds - 1).times do
              @digest << @digest.hexdigest
            end
            @digest.hexdigest
          else
            value
          end
        end

        # HMAC over the current digest under the signing key
        def sign value = nil
          encode value if value
          OpenSSL::HMAC.hexdigest @digest, @key, @digest.hexdigest
        end

        private

        # not shown on the slides: a fresh random salt when none is supplied
        def salted
          SecureRandom.hex 16
        end
      end
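An added example, not the talk's SHA2 class, of the same recipe (salt, iterative workload, signing key) built on the standard library's PBKDF2 rather than a hand-rolled loop, with the check a practitioner wants on the verify side: a constant-time comparison. The storage format `pbkdf2-sha512$rounds$salt$mac`, the `pepper:` keyword and the minimum pepper length are this example's own conventions.

```ruby
require 'openssl'
require 'securerandom'

class PasswordHash
  SCHEME     = 'pbkdf2-sha512'
  ROUNDS     = 100_000
  SALT_BYTES = 16
  KEY_BYTES  = 64

  # pepper: a server-side secret kept in configuration, never in the database;
  # it plays the part of the signing_key in the slides' SHA2 class
  def initialize pepper:, rounds: ROUNDS
    raise ArgumentError, 'pepper must be at least 16 bytes' if pepper.bytesize < 16
    @pepper = pepper
    @rounds = rounds
  end

  # -> "pbkdf2-sha512$rounds$salt_hex$mac_hex"; salt and rounds travel with the
  # digest, so rounds can be raised for new passwords without breaking old ones
  def encode password, salt = SecureRandom.random_bytes(SALT_BYTES)
    [SCHEME, @rounds, hex(salt), hex(mac(password, salt, @rounds))].join('$')
  end

  # recompute with the stored salt and rounds, then compare in constant time
  def verify? password, stored
    scheme, rounds, salt_hex, mac_hex = stored.to_s.split('$', 4)
    return false unless scheme == SCHEME && rounds.to_i > 0 && salt_hex && mac_hex
    candidate = hex(mac(password, [salt_hex].pack('H*'), rounds.to_i))
    secure_equal?(candidate, mac_hex)
  end

  private

  # the iterative workload: PBKDF2-HMAC-SHA512 stretches the password, then the
  # pepper keys an HMAC over the result, so a stolen table cannot be cracked
  # offline without the pepper as well
  def mac password, salt, rounds
    stretched = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, rounds, KEY_BYTES, OpenSSL::Digest.new('SHA512'))
    OpenSSL::HMAC.digest('SHA512', @pepper, stretched)
  end

  def hex bytes
    bytes.unpack1('H*')
  end

  # constant-time comparison: a plain == stops at the first differing byte
  def secure_equal? a, b
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Usage is `PasswordHash.new(pepper: ENV_SECRET).encode(password)` at sign-up and `verify?(password, stored)` at login; nothing in the stored string reveals the pepper, and because rounds are recorded per entry a later increase of the default leaves existing rows verifiable.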
  53. AES: single-key symmetric encryption
  54. require 'openssl'

      # AES-256 in CBC mode. CBC on its own is malleable and detects no tampering;
      # pair it with OpenSSL::HMAC (slide 30) or use an authenticated mode.
      class AES
        attr_reader :result, :key, :iv
        IV_BYTES = 16                          # one AES block; CBC's iv is fixed width

        def initialize options = {}
          @cipher = OpenSSL::Cipher::AES.new 256, :CBC
          @iv = if options[:iv]
            @cipher.iv = options[:iv]
          else
            @cipher.random_iv
          end
          @key = if options[:key]
            @cipher.key = options[:key]
          else
            @cipher.random_key
          end
        end

        def encode data = ""
          @cipher.reset
          @cipher.encrypt
          @cipher.key = key
          @cipher.iv = iv
          update(data.to_s rescue "")
        end

        def decode cipher_text = ""
          length = cipher_text.length rescue 0
          @result = if length > 0
            @cipher.reset
            @cipher.decrypt
            @cipher.key = key
            @cipher.iv = iv
            cipher_text = update cipher_text
            cipher_text if cipher_text.length > 0
          end
        end

        # iv first, then the cipher text; the iv is fixed width so no delimiter
        # is needed (the slides' pack format was lost in transcription)
        def encode_and_pack data
          iv + encode(data)
        end

        def unpack_and_decode cipher_text = ""
          return nil if cipher_text.to_s.bytesize <= IV_BYTES
          c = AES.new iv: cipher_text.byteslice(0, IV_BYTES), key: key
          @result = c.decode cipher_text.byteslice(IV_BYTES..-1)
        rescue OpenSSL::Cipher::CipherError, ArgumentError   # bad padding or lengths; not a bare Exception
          nil
        end

        private

        def update data = ""
          @result = data.empty? ? String.new : @cipher.update(data)   # update rejects empty input
          @result << @cipher.final
        end
      end
  80. RSA: 2-key asymmetric encryption
  81. require 'openssl'

      class RSA
        attr_reader :result, :key

        # pass an existing key as PEM or DER, or a key size to generate one
        def initialize opts = {}
          @key = OpenSSL::PKey::RSA.new(opts[:key] || opts[:keysize] || 2048)
        end

        def public_key
          @key.public_key.to_pem
        end

        def private_key
          @key.to_pem
        end

        # OAEP padding rather than the PKCS#1 v1.5 default; RSA is for short
        # payloads such as a single-use AES key, not for bulk data
        def encode data
          @result = @key.public_encrypt((data.to_s rescue ""), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
        end

        def decode cipher_text
          @result = @key.private_decrypt((cipher_text.to_s rescue ""), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
        end
      end
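The "hybrid encryption, single-use keys" slides carried through in working Ruby, as an added example rather than the talk's AES and RSA classes: every message gets a fresh AES-256-GCM key, and only that key is wrapped with RSA-OAEP, so the RSA private key never touches bulk data. GCM replaces the slides' unauthenticated CBC so a modified blob is rejected rather than decrypted to garbage. The blob layout, the 2048-bit default and the nil-on-failure contract are this example's choices.

```ruby
require 'openssl'
require 'securerandom'

class HybridBox
  IV_BYTES  = 12      # GCM nonce length
  TAG_BYTES = 16      # GCM authentication tag length
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # Accepts a PEM string or an OpenSSL::PKey::RSA. A sender only needs the
  # public half; open requires the private half.
  def initialize key
    @key = key.is_a?(OpenSSL::PKey::RSA) ? key : OpenSSL::PKey::RSA.new(key)
  end

  def self.generate bits = 2048
    new OpenSSL::PKey::RSA.new(bits)
  end

  def public_pem
    @key.public_key.to_pem
  end

  # -> [2-byte wrapped-key length][RSA-OAEP wrapped AES key][iv][tag][ciphertext]
  def seal plaintext
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    data_key = cipher.random_key                 # fresh per message, never stored
    iv = cipher.random_iv                        # fresh per message; never reuse an iv under one key
    ciphertext = plaintext.empty? ? String.new : cipher.update(plaintext)
    ciphertext << cipher.final
    wrapped = @key.public_encrypt(data_key, OAEP)
    [wrapped.bytesize, wrapped, iv, cipher.auth_tag, ciphertext].pack('n a* a* a* a*')
  end

  # -> plaintext, or nil when the blob is truncated, wrapped for another key,
  # or modified anywhere the tag covers (ciphertext, and the iv it was made with)
  def open blob
    raise ArgumentError, 'private key required to open' unless @key.private?
    blob = blob.to_s.b
    return nil if blob.bytesize < 2
    wrapped_len = blob.unpack1('n')
    header = 2 + wrapped_len + IV_BYTES + TAG_BYTES
    return nil if blob.bytesize < header
    wrapped    = blob.byteslice(2, wrapped_len)
    iv         = blob.byteslice(2 + wrapped_len, IV_BYTES)
    tag        = blob.byteslice(2 + wrapped_len + IV_BYTES, TAG_BYTES)
    ciphertext = blob.byteslice(header..-1)
    data_key = @key.private_decrypt(wrapped, OAEP)      # RSAError if wrapped under another key
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = data_key
    cipher.iv = iv
    cipher.auth_tag = tag
    plaintext = ciphertext.empty? ? String.new : cipher.update(ciphertext)
    plaintext << cipher.final                    # CipherError if the tag does not verify
  rescue OpenSSL::PKey::RSAError, OpenSSL::Cipher::CipherError
    nil
  end
end
```

A web tier that only holds `public_pem` can write rows it can never read back; whichever process holds the private key does the reading. Because the data key and nonce are drawn fresh for every call, sealing the same plaintext twice yields two unrelated blobs.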
  90. encrypted datastores: encryption-aware tables in Sequel
      (this is not a Sequel talk; we're just using it for its friendly DDL)
  93. class Account < Sequel::Model
        plugin :schema
        plugin :validation_helpers

        set_schema do
          primary_key :id
          String :name
          String :email_address
          index :name, unique: true
          index :email_address, unique: true
        end

        def validate
          super
          validates_unique :name, :email_address
        end
      end
  98. class Account < Sequel::Model
        plugin :schema
        plugin :validation_helpers

        set_schema do
          # the id is now an application-supplied string, not an auto-increment integer
          primary_key :id, type: :varchar, auto_increment: false, unique: true
          String :name
          String :email_address
          index :id, unique: true
          index :name, unique: true
          index :email_address, unique: true
        end
        unrestrict_primary_key           # let the application assign id

        def validate
          super
          validates_unique :id, :name, :email_address
        end
      end
  107. module Model
         def self.included mod
           mod.plugin :validation_helpers
           mod.plugin :schema
           mod.module_eval <<-ACCESSOR, __FILE__, __LINE__ + 1
             def self.retrieve id
               #{mod}.where(id: id).first
             end
           ACCESSOR
         end

         # two records are the same entity when their ids match; anything that
         # has no id compares unequal (the slides' `rescue false` is not a valid
         # rescue clause, so the comparison is rescued explicitly here)
         def == entity
           self[:id] == entity.id
         rescue NoMethodError
           false
         end
       end
  119. class Account < Sequel::Model
         include Model

         set_schema do
           primary_key :id, type: :varchar, auto_increment: false, unique: true
           String :name
           String :email_address
           index :id, unique: true
           index :name, unique: true
           index :email_address, unique: true
         end
         unrestrict_primary_key

         def validate
           super
           validates_unique :id, :name, :email_address
         end
       end
120.
    module Model
      require 'securerandom'

      # a random version-4 UUID for the primary key: unlike an auto-increment
      # integer it is neither guessable nor enumerable
      def generate_id
        SecureRandom.uuid
      end
    end
123.
    class Account < Sequel::Model
      include Model
      set_schema do
        primary_key :id, type: :varchar, auto_increment: false, unique: true
        String :name
        String :retrieval_email
        index :id, unique: true
        index :name, unique: true
        index :retrieval_email, unique: true
      end
      unrestrict_primary_key

      # generate_id only returns a UUID, so its result has to be assigned;
      # calling it bare would discard the value and leave :id nil
      def before_create
        self[:id] ||= generate_id
        super
      end

      def validate
        super
        validates_unique :id, :name, :retrieval_email
      end
    end
124.
    class Account < Sequel::Model
      include Model
      set_schema do
        primary_key :id, type: :varchar, auto_increment: false, unique: true
        String :name
        String :email_address
        index :id, unique: true
        index :name, unique: true
        index :email_address, unique: true
      end
    end
125.
    module EncryptedModel
      def encrypted_fields fields = [], options = {}
        fields = Array(fields)   # accept a single field name as well as a list
        # the defaults are placeholders only: an empty salt and an empty
        # signing key are still truthy in Ruby, so nothing will refuse them
        options = { rounds: 100000, salt: "", signing_key: "" }.merge options
        if fields.length > 0
        end
      end
    end
127.
    class Account < Sequel::Model
      include Model
      extend EncryptedModel
      set_schema do
        primary_key :id, type: :varchar, auto_increment: false, unique: true
        String :name
        String :email_address
        index :id, unique: true
        index :name, unique: true
        index :email_address, unique: true
      end
      encrypted_fields :email_address
    end
129. field encryption with encrypted search
130.
    automatically encrypt on storing
    automatically decrypt on retrieval
    support equality searches
131.
    def encrypted_fields fields = [], options = {}
      fields = Array(fields)
      # placeholder defaults: "" is truthy, so an unset salt or signing key
      # passes every check below and must be overridden by the caller
      options = { rounds: 100000, salt: "", signing_key: "" }.merge options
      if fields.length > 0
        configure_field_encryption
        add_field_validation
        enable_equality_searches options
        add_field_accessors fields
      end
    end
133.
    # AES is the deck's own wrapper exposing #key and #iv; a bare AES.new
    # generates both, and they are then persisted in the record's :key and
    # :iv blob columns. As written this keeps the data key in plaintext in
    # the same row as the data it protects, so anyone who can read the row
    # can decrypt it, and the saved iv is reused for every later rewrite
    # of the field under the same key.
    def configure_field_encryption
      self.module_eval <<-CIPHER, __FILE__, __LINE__ + 1
        def symmetric_cipher
          cipher = if self[:key]
            AES.new key: self[:key], iv: self[:iv]
          else
            AES.new
          end
          self[:key] ||= cipher.key
          self[:iv] ||= cipher.iv
          cipher
        end
      CIPHER
    end
136.
    class Account < Sequel::Model
      include Model
      extend EncryptedModel
      set_schema do
        primary_key :id, type: :varchar, auto_increment: false, unique: true
        String :name
        String :email_address
        blob :key, null: true
        blob :iv, null: true
        index :id, unique: true
        index :name, unique: true
        index :email_address, unique: true
      end
      encrypted_fields :email_address
    end
146.
    def encrypted_fields fields = [], options = {}
      fields = Array(fields)
      options = { rounds: 100000, salt: "", signing_key: "" }.merge options
      if fields.length > 0
        configure_field_encryption
        # the list of <field>_key columns is fixed when this method is
        # generated (the *fields parameter of the generated method is not
        # used); the columns are emitted as symbols because Sequel's values
        # hash is keyed by symbol, and a String name would always read nil
        self.module_eval <<-VALIDATION, __FILE__, __LINE__ + 1
          def validates_encrypted_field_presence *fields
            validates_presence #{ fields.collect{ |f| :"#{f}_key" }.inspect }
          end
        VALIDATION
        enable_equality_searches options
        add_field_accessors fields
      end
    end
150.
    # the signing key, rounds and salt are baked into the generated source,
    # so they are embedded as Ruby literals (inspect) rather than pasted
    # between quotes, where a quote in the salt or key would break, or
    # alter, the code being eval'd
    def enable_equality_searches options = {}
      self.module_eval <<-SEARCH, __FILE__, __LINE__ + 1
        def self.search_key v
          @@index_key = #{options[:signing_key].to_s.inspect}
          @@rounds = #{options[:rounds].to_i}
          @@salt = #{options[:salt].to_s.inspect}
          # SHA512 is the deck's keyed, iterated digest wrapper. The same
          # input always yields the same key: that is what makes equality
          # searches possible, and also what anyone holding the table
          # learns (equal index values mean equal plaintexts). An empty
          # index key is still truthy, so the "" default is not refused.
          if v && @@index_key
            digest = SHA512.new key: @@index_key, rounds: @@rounds, salt: @@salt
            digest.encode v
            digest.sign
          else
            v
          end
        end

        def search_key v
          self.class.search_key v
        end
      SEARCH
    end
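The three properties listed on slide 130 (encrypt on storing, decrypt on retrieval, equality search) together with the search_key digest of slide 150, as an added example that is not the deck's code. The deck's AES and SHA512 wrapper classes do not appear on these slides, so this stand-in uses only the Ruby stdlib: AES-256-GCM with a fresh IV on every write for the field itself, and an iterated HMAC-SHA512 under a signing key as the deterministic blind index that an equality search compares against. Account is an in-memory class standing in for the Sequel model; its SIGNING_KEY, SALT and ROUNDS values and the sample addresses are constructed for the example.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not the deck's code: stdlib replacements for the deck's
# assumed AES and SHA512 wrappers.
module FieldCrypto
  CIPHER = 'aes-256-gcm'.freeze
  HASH   = 'SHA512'.freeze

  # Encrypts one field value under a per-record data key and returns
  # { iv:, ciphertext:, tag: } as raw bytes suitable for blob columns.
  # A fresh IV is drawn on every call: reusing a stored iv with the same
  # key for an updated value (as a persisted key/iv pair would) breaks GCM.
  def self.encrypt(plaintext, key)
    c = OpenSSL::Cipher.new(CIPHER).encrypt
    c.key = key
    iv = c.random_iv
    c.auth_data = ''
    ct = c.update(plaintext) + c.final
    { iv: iv, ciphertext: ct, tag: c.auth_tag }
  end

  # Raises OpenSSL::Cipher::CipherError if ciphertext or tag were altered.
  def self.decrypt(blob, key)
    c = OpenSSL::Cipher.new(CIPHER).decrypt
    c.key = key
    c.iv = blob[:iv]
    c.auth_tag = blob[:tag]
    c.auth_data = ''
    c.update(blob[:ciphertext]) + c.final
  end

  # Deterministic keyed digest used as a blind index for equality search:
  # HMAC-SHA512 under signing_key over salt||value, iterated `rounds` times
  # (mirroring the deck's rounds/salt/signing_key options). Equal plaintexts
  # give equal index values, which is both what makes them searchable and
  # what the index leaks. Unlike the deck's "" default, an empty key is
  # refused here rather than silently accepted as truthy.
  def self.search_key(value, signing_key:, salt: '', rounds: 100_000)
    raise ArgumentError, 'signing_key must not be empty' if signing_key.to_s.empty?
    d = OpenSSL::HMAC.digest(HASH, signing_key, salt + value)
    (rounds - 1).times { d = OpenSSL::HMAC.digest(HASH, signing_key, d) }
    d
  end
end

# In-memory stand-in for the deck's Account model: a random UUID primary key
# (the deck's generate_id), one random data key per record (the deck's :key
# column) and, per encrypted field, a blind index column <field>_search.
# The per-row key sits in plaintext beside the ciphertext exactly as in the
# deck's schema; in production it would itself be wrapped by a key held
# outside the database.
class Account
  SIGNING_KEY = OpenSSL::Random.random_bytes(32)  # constructed for the example
  SALT   = 'example-salt'.freeze                  # constructed for the example
  ROUNDS = 10_000

  attr_reader :id, :row

  def initialize
    @id  = SecureRandom.uuid
    @row = { key: OpenSSL::Random.random_bytes(32) }
  end

  # encrypt on storing, and write the blind index alongside
  def email_address=(value)
    @row[:email_address]        = FieldCrypto.encrypt(value, @row[:key])
    @row[:email_address_search] = Account.search_key(value)
  end

  # decrypt on retrieval
  def email_address
    FieldCrypto.decrypt(@row[:email_address], @row[:key])
  end

  def self.search_key(value)
    FieldCrypto.search_key(value, signing_key: SIGNING_KEY, salt: SALT, rounds: ROUNDS)
  end

  # Equality search over stored rows: compares blind index values only,
  # never touching a per-row key or decrypting anything.
  def self.where_email_address(rows, value)
    needle = search_key(value)
    rows.select { |a| a.row[:email_address_search] == needle }
  end
end
```

Two records holding the same address produce different ciphertexts (fresh IVs) but the same email_address_search value, which is what where_email_address matches on; flipping a byte of a stored ciphertext makes decrypt raise instead of returning garbage.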
