security - GPGME: Best practices for automatic decryption in rails server -

-

i'd able ato implement following behaviour :

  • an admin should asked passphrase gpg production key during rails server startup in production

  • the passphrase should not stored anywhere other ram

  • decryption capabilities should not available in rake tasks or rails console

a gpg-agent seems out of question, since process launched same user rails server runs able decrypt content.

a passphrase callback gpgme class asking passphrase seems best solution (although tricky implement because of start-stop-daemon wrapper in /etc/init.d/unicorn grabs stdin).

am missing ? there security holes such setup ? better solution ? many thanks.


Comments

Post a Comment

Popular posts from this blog

javascript - Unusual behaviour when drawing lots of images onto a large canvas -

-
in javascript code, download bunch of links of images, , draw them canvas in grid theme. number of links there are, , set width , height of canvas accordingly, there 200 images per row. height based on total number images. problem noticing based on height use, images show on canvas. example, if set height 12 rows, see images, if set on that, no images show up. when setting in 1 row, images show in firefox 23. ie9 , chrome29 shows nothing. does know if there wrong here, or stable way drawing lots of images large canvas? thanks. function onprofilesuccessmethod(sender, args) { alert("request arrived"); var listenumerator, piccount, item, picobj, path, office, ctx, x, y, imageobj; listenumerator = listitems.getenumerator(); piccount = listitems.get_count(); var w = 125; var h = 150; var rl = 200; var canvas = document.createelement('canvas'); canvas.id = "picgallery"; canvas.width = w * rl; canvas....
Read more

how can i manage url using .htaccess in php? -

-
i want manage url of website right showing me www.computermall.co.in/product_details.php?prdid=34 but want www.computermall.co.in/product_details/34 how can it? i have tried this options +followsymlinks -multiviews rewriteengine on rewritebase /computermall # uri-path directly the_request variable rewritecond %{the_request} ^(get|head)\s/(.*)\.php [nc] # strip extension , redirect permanently rewriterule .* /%2 [r=301,l,nc] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewritecond %{request_uri} !\.php [nc] # map internally original resource rewriterule ^(.*)$ $1.php [l,qsa] try this: rewriteengine on rewriterule ^product_details/prdid/([^/]*)$ /product_details?prdid=$1 [l] edit: removed leading slash
Read more

javascript - Chart.js - setting tooltip z-index -

-
http://jsfiddle.net/gmannib/j2mwpj43/7/ ^ see sample fiddle above. notice how tooltips piechart go underneath "earth" icon have in middle there? there way set z-index property of tooltips above earth icon? thought work? race.tooltip.style.zindex = "5"; i'm still learning...thank kind help! just give higher z-index value canvas , done. see demo . css code canvas#race{position:relative; z-index:1;}
Read more