Hi, Does anyone know how to store passwords securely? I mean, we enter DB usr/pwd in the database.yml and the actionmailer email usr/pwds in environment.rb which i think is not safe, considering while development the code is visible to all developers. Do we have some mechanism to store all passwords in one place and encrypt them and securely access through the system? Thanks, Pratik -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> tispratik wrote: <blockquote cite="mid:bed4ae07-a80b-4715-905f-8ae0f75691fc-kFmNPrxOMLq4o898BNfOI1YGCWtFR9XvQQ4Iyu8u01E@public.gmane.org" type="cite"> <pre wrap="">Hi, Does anyone know how to store passwords securely? I mean, we enter DB usr/pwd in the database.yml and the actionmailer email usr/pwds in environment.rb which i think is not safe, considering while development the code is visible to all developers. Do we have some mechanism to store all passwords in one place and encrypt them and securely access through the system? Thanks, Pratik </pre> </blockquote> If your only concern is with the developers having access to the passwords set up a separate db and mail account for development use with passwords that they can have access to. Another thought would be to get reliable developers.<br> <br> </body> </html> <p></p> <p>--</p> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.<br /> To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org<br /> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org<br /> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.<br />
Don''t keep database.yml in control version system (svn, cvs). In this case - only developers who have access to production server - will have access to it. On 18 дек, 01:22, tispratik <tispra...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi, > > Does anyone know how to store passwords securely? > I mean, we enter DB usr/pwd in the database.yml and the actionmailer > email usr/pwds in environment.rb > which i think is not safe, considering while development the code is > visible to all developers. > > Do we have some mechanism to store all passwords in one place and > encrypt them and securely access through the system? > > Thanks, > Pratik-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Thanks for the inputs Norm and Denix. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Fri, Dec 18, 2009 at 8:47 AM, tispratik <tispratik-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Thanks for the inputs Norm and Denix. > >In addition to the comments of Norm and Denix, I would simply setup a staging server for developers to push code to and allow them to have ( SVN | CVS | GIT ) access only. Also, they would also push code to their own development branch for later merging into the production branch. Good luck, -Conrad> -- > > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> > . > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.