Description
This session is a jolly romp through the realm of practical data privacy using pure Ruby. We'll start by looking at how to obfuscate data using Ruby's OpenSSL bindings, exploring the possibilities of symmetric and public key cryptography as well as the role of hashing algorithms. Once the basic principles have been established we'll turn our attention to designing databases with a strong privacy component, using Sequel to demonstrate how encrypted keys can be used to support privacy in the relational model. There will be some meta-programming involved which should also be of interest to ActiveRecord users. This will naturally lead into a brief discussion of the seeming difficulty of searching encrypted data along with a strategy for making this practical. We'll round out the session by turning our attention to the transport layer with a simple scheme for securing web application sessions using a custom Rack middleware. The discussion will be backed by code examples inspired by real-world systems.
Summary
The video 'Adventures in Paranoia with Sinatra and Sequel,' presented by Eleanor McHugh at the MountainWest RubyConf 2013, focuses on practical data privacy using Ruby. The session begins with a foundational overview of implementing security in web applications via a low-level, pure Ruby approach, emphasizing the importance of trust in internet systems. McHugh outlines several key components essential for ensuring data privacy:

- **Globally Unique Identifiers**: Using the secure random functionality in Ruby's standard library to create unique identities.
- **Opaque Credentials**: Hashing data with SHA-512 to maintain confidentiality, so that it cannot be reversed and sensitive information remains undisclosed.
- **Public Key Cryptography and Symmetric Ciphers**: Exploring cryptographic techniques, with particular emphasis on AES and on the necessity of single-use keys for security.
- **Secure Transport**: A brief overview of HMAC (hash-based message authentication codes) for data integrity during transmission.

McHugh reins in the complexities involved in cryptography, discussing the Ruby OpenSSL bindings while addressing potential issues developers may encounter. She illustrates how to use hashing algorithms and design encrypted fields within databases. The presentation also touches on securing relational models and emphasizes compartmentalization of database elements to enhance confidentiality. The importance of digital signatures and data encryption during internet transport is also highlighted, underlining the risks associated with open communications.

In conclusion, McHugh stresses the need for continuous study of cryptographic principles for successful implementation in real-world applications. The talk ends with an invitation for audience engagement and further exploration of the complex world of data privacy, encouraging attendees to review additional resources available through SlideShare.

The key takeaway is that employing strong encryption and security measures is crucial for safeguarding sensitive data in any web application.