Hello,

I'm trying to figure out a way to store user-generated text securely in a database (so that only the user is the one who can access his/her text). I could have Rails encrypt and decrypt the user's text using the user's password as the key, but if the user ever forgot their password there would be no way to ever decrypt their previous text (since the Rails app uses BCrypt to store only a hash of the password).

Does anyone know how that could be done? It looks like Dropbox does it: "All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." (http://www.dropbox.com/help/27) Yet they allow you to reset your password and I'm assuming they don't store your plain text password anywhere.

What am I missing? Any suggestions would be greatly appreciated. Thanks!

James

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

> I'm trying to figure out a way to store user-generated text securely in
> a database (so that only the user is the one who can access his/her
> text). I could have Rails encrypt and decrypt the user's text using the
> user's password as the key, but if the user ever forgot their password
> there would be no way to ever decrypt their previous text (since the
> Rails app uses BCrypt to store only a hash of the password).
>
> Does anyone know how that could be done? It looks like Dropbox does it:
> "All files stored on Dropbox servers are encrypted (AES-256) and are
> inaccessible without your account password."
> (http://www.dropbox.com/help/27) Yet they allow you to reset your
> password and I'm assuming they don't store your plain text password
> anywhere.
>
> What am I missing? Any suggestions would be greatly appreciated. Thanks!

Hrm... well, "inaccessible without your account password" is not the same thing as "encrypted with your password"....
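
The two designs contrasted in this thread, as an added Ruby example that is not code from either poster: design A derives the AES-256 key from the password (the scheme in the question), design B keeps the key on the server and uses the password only for login. The `TextVault` module, the sample passwords, the PBKDF2 parameters and the idea that the server key lives in app config or a KMS are assumptions made for illustration.

```ruby
require "openssl"

# Added example; names and sample values are constructed for illustration.
module TextVault
  ITERATIONS = 200_000 # assumed PBKDF2 work factor

  # Derive a 256-bit key from the password; the salt is stored beside the row.
  def self.key_from_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # AES-256-GCM encrypt; returns everything the database row must hold.
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    ct = cipher.update(plaintext) + cipher.final
    { iv: iv, tag: cipher.auth_tag, ct: ct }
  end

  # Returns the plaintext, or nil when the key is wrong or the row was altered.
  def self.decrypt(key, row)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = row[:iv]
    cipher.auth_tag = row[:tag]
    cipher.update(row[:ct]) + cipher.final
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end

# Design A: key derived from the password (the scheme in the question).
def demo_password_key
  salt = OpenSSL::Random.random_bytes(16)
  row = TextVault.encrypt(TextVault.key_from_password("old password", salt), "my diary")
  # After a "forgot password" reset only the new password exists.
  [TextVault.decrypt(TextVault.key_from_password("old password", salt), row),
   TextVault.decrypt(TextVault.key_from_password("new password", salt), row)]
end

# Design B: key held by the server; the password only gates access.
def demo_server_key
  server_key = OpenSSL::Random.random_bytes(32) # assumption: kept in app config or a KMS
  row = TextVault.encrypt(server_key, "my diary")
  # A password reset replaces the stored bcrypt hash and never touches the key.
  TextVault.decrypt(server_key, row)
end
```

Design B survives a password reset precisely because the server, not the user, holds the key, so anyone with access to that key can also read the text.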