security - GPGME: Best practices for automatic decryption in rails server -

-

i'd able ato implement following behaviour :

  • an admin should asked passphrase gpg production key during rails server startup in production

  • the passphrase should not stored anywhere other ram

  • decryption capabilities should not available in rake tasks or rails console

a gpg-agent seems out of question, since process launched same user rails server runs able decrypt content.

a passphrase callback gpgme class asking passphrase seems best solution (although tricky implement because of start-stop-daemon wrapper in /etc/init.d/unicorn grabs stdin).

am missing ? there security holes such setup ? better solution ? many thanks.


Comments

Post a Comment

Popular posts from this blog

c# - SelectList with Dictionary, add values to the Dictionary after it's assigned to SelectList -

-
i have following code - dictionary<string, string> mydict = new dictionary<string, string>(); mydict.add("keya", "valuea"); mydict.add("keyb", "valueb"); ienumerable<selectlistitem> myselectlist = new selectlist(mydict, "key", "value") further down in program, want add values mydict . possible? if yes, how? want - myselectlist.mydict.add("keyc", "valuec"); if you're wanting add items mydict, possible, , changes reflected in of myselectlist 's enumerations long changes made before enumeration (e.g. using .tolist() ) generated. as worked example: dictionary<string, string> mydict = new dictionary<string, string>(); mydict.add("keya", "valuea"); mydict.add("keyb", "valueb"); ienumerable<selectlistitem> myselectlist = new selectlist(mydict, "key", "value...
Read more

how can i manage url using .htaccess in php? -

-
i want manage url of website right showing me www.computermall.co.in/product_details.php?prdid=34 but want www.computermall.co.in/product_details/34 how can it? i have tried this options +followsymlinks -multiviews rewriteengine on rewritebase /computermall # uri-path directly the_request variable rewritecond %{the_request} ^(get|head)\s/(.*)\.php [nc] # strip extension , redirect permanently rewriterule .* /%2 [r=301,l,nc] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewritecond %{request_uri} !\.php [nc] # map internally original resource rewriterule ^(.*)$ $1.php [l,qsa] try this: rewriteengine on rewriterule ^product_details/prdid/([^/]*)$ /product_details?prdid=$1 [l] edit: removed leading slash
Read more

ios - I get the error Property '...' not found on object of type '...' -

-
appdelegate.h #import <uikit/uikit.h> @interface appdelegate : uiresponder <uiapplicationdelegate> @property (strong, nonatomic) uiwindow *window; @end appdelegate.m #import "appdelegate.h" #import "firstviewcontroller.h" #import "secondviewcontroller.h" @implementation appdelegate - (bool)application:(uiapplication *)application didfinishlaunchingwithoptions: goes on normal app.......... @end firstviewcontroller.h #import <uikit/uikit.h> @interface firstviewcontroller : uiviewcontroller @property (strong, nonatomic) iboutlet uiimageview *bground; - (ibaction)settingspressed:(id)sender; - (ibaction)startpressed:(id)sender; @end @class secondviewcontroller; @interface secondviewcontroller : uiviewcontroller @property(strong,nonatomic)secondviewcontroller *secondviewcontroller; @end firstviewcontroller.m #import "firstviewcontroller.h" @interface firstviewcontroller () @end @implement...
Read more