
QuestionsAndAnswers

sebb edited this page Jul 26, 2011 · 2 revisions

Questions: Would it be possible to use a session variable for the key? (Or a request variable.)

I do not want to save the :key on the web server or database at all, but, rather, have it only be memorized by the user and only sent when the user asks for the information. Is attr_encrypted a solution?

Answer
Yes, you can set the encryption key as a proc like so:


```ruby
# your model
class User < ActiveRecord::Base
  attr_accessor :key
  attr_encrypted :credit_card, :key => proc { |user| user.key }
end

# your controller
def some_action
  @user = User.find(params[:id])
  @user.key = params[:key]
  @user.credit_card # returns decrypted credit card number (if key is correct),
                    # otherwise raises an exception about an invalid key
end
```
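
The pattern above, where the key exists only in the user's memory and arrives with the request, as an added stand-alone Ruby example (not attr_encrypted's code and not from the original page). It uses Ruby's OpenSSL standard library directly; the `SealedField` class, the PBKDF2 iteration count and the sample values are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical stand-in for the model: stores only salt, IV, tag and
# ciphertext; the passphrase is supplied per call and never persisted.
class SealedField
  ITERATIONS = 200_000 # assumed PBKDF2 work factor for this example
  attr_reader :record  # what would be written to the database

  def initialize(record = nil)
    @record = record
  end

  # Stretch the memorized passphrase into a 256-bit key with a per-record salt.
  def derive_key(passphrase, salt)
    OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  def encrypt(plaintext, passphrase)
    salt = OpenSSL::Random.random_bytes(16)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv
    cipher.auth_data = ""
    ciphertext = cipher.update(plaintext) + cipher.final
    @record = { salt: salt, iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext }
  end

  # Raises OpenSSL::Cipher::CipherError when the passphrase is wrong,
  # because the GCM authentication tag no longer verifies.
  def decrypt(passphrase)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = derive_key(passphrase, @record[:salt])
    cipher.iv = @record[:iv]
    cipher.auth_tag = @record[:tag]
    cipher.auth_data = ""
    cipher.update(@record[:ciphertext]) + cipher.final
  end
end

# Constructed sample values (test card number, made-up passphrase).
field = SealedField.new
field.encrypt("4111111111111111", "correct horse battery staple")
puts field.decrypt("correct horse battery staple")
begin
  field.decrypt("wrong guess")
rescue OpenSSL::Cipher::CipherError
  puts "wrong key rejected"
end
```

In a Rails application the key still passes through the server on every request, so add `:key` to `config.filter_parameters` to keep `params[:key]` out of the request log.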