johnhutch
commented
7 years ago Can devise easily? Via configuration? If so, do it 1.0. otherwise, 1.1.
Open jon-athan-hall opened 7 years ago
johnhutch
commented
7 years ago Can devise easily? Via configuration? If so, do it 1.0. otherwise, 1.1.
Set up the storage/retrieval of user email addresses to be encrypted/decrypted. This prevents hackers, with only access to our database, from performing direct lookups.
Check out the gem below for a possible solution. Looks like it offers an encrypt method to use to prior to database storage, and a decrypt method to use after grabbing from the database. https://github.com/attr-encrypted/attr_encrypted
Note: this is useless if a hacker has complete access to everything, because they'll see our encryption process. But it is at least helpful for those with only database access. Still worth doing if you ask me.