Storing Social Security Numbers in Rails…

For the forthcoming store for Adamantine Arts, artists will be able to sell prints, originals, etc. via our site. Since this is an affiliate program of sorts, we need to keep track of SSN/EIN and more for tax purposes (CC and other billing info is kept with PayPal – I’ll let them worry about their security). So with all the reports of stolen laptops containing spreadsheets of plain Social Security numbers, I figured I’d better prevent that issue right away. The encryption needs to be true encryption (not one-way hashing). I scoured the net last night for implementations to use with Ruby/Rails. I mostly found half-educated discussions about how encryption is hackable and other non-solution type responses. God bless the ability of people to clog Google’s results with keyword-injected garbage.

Anyway, this morning I found the article below at the Stuff and Things blog. It is a clear and straightforward guide to using OpenSSL to do 2-way encryption to encode your data. The only thing left out for my situation was getting this to work with ActiveRecord. However, I skipped the whole acts_as_secure overhead and just wrote some wrappers I tossed into my application_controller.rb file. Bam. Secure.

http://stuff-things.net/2007/06/11/encrypting-sensitive-data-with-ruby-on-rails/
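
A sketch of what such wrappers can look like with Ruby's OpenSSL bindings. This is an added example, not the author's wrappers or the linked article's code. The cipher choice (AES-256-GCM), the module name `SsnVault`, the context string format and the key being held outside the database are all assumptions of the example.

```ruby
require "openssl"
require "base64"

# Hypothetical wrapper module; name and layout are assumptions for this example.
module SsnVault
  CIPHER  = "aes-256-gcm"
  IV_LEN  = 12 # GCM nonce length used by random_iv
  TAG_LEN = 16 # GCM authentication tag length

  # key: 32 random bytes kept outside the database (assumption).
  # context: ties the ciphertext to its row and column, e.g. "artist:42:ssn",
  # so a value copied into another record fails to decrypt.
  def self.encrypt(ssn, key, context)
    digits = ssn.delete("- ")
    raise ArgumentError, "expected 9 digits" unless digits.match?(/\A\d{9}\z/)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv            # fresh nonce for every encryption
    cipher.auth_data = context
    ct = cipher.update(digits) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ct)
  end

  # Raises OpenSSL::Cipher::CipherError if the blob, key or context is wrong.
  def self.decrypt(blob, key, context)
    raw = Base64.strict_decode64(blob)
    raise ArgumentError, "blob too short" if raw.bytesize <= IV_LEN + TAG_LEN
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = raw[0, IV_LEN]
    cipher.auth_tag = raw[IV_LEN, TAG_LEN]
    cipher.auth_data = context
    plain = cipher.update(raw[(IV_LEN + TAG_LEN)..-1]) + cipher.final
    plain.force_encoding("UTF-8")
  end

  # Display form for views and logs: last four digits only.
  def self.masked(ssn)
    "***-**-#{ssn.delete('- ')[-4, 4]}"
  end
end
```

The encrypted column stores only the Base64 string. A stolen database dump or spreadsheet export is useless without the key, which is why the key must not live in the same database or in version control.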

  • uma mahesh varma

    Good Post,

    Can you provide a clear explanation of the acts_as_secure plugin?

    Thank You,
    Uma.

  • blainegarrett

    I didn’t actually use the acts_as_secure plugin after looking at it. I forget why exactly, but the docs for acts_as_secure are at: http://revolutiononrails.blogspot.com/2007/04/plugin-release-actsassecure.html
    If you don’t feel comfortable rolling your own solution, this plugin probably works great. It just seemed like a lot of overhead for what I was doing, but it will probably work great for whatever your needs are.

Copyright © 1997 - 2010 Blaine Garrett All Rights Reserved