blind_index 2.1.0 → 2.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f6749c94ee9432d60e3095e77a3948f480c345b793555dadf5b25261247e406b
4
- data.tar.gz: e29eb3a994de26b1f67cb31a16bbaef66742aea0cf366ea5830247421c30a5b0
3
+ metadata.gz: 030c05f4653c350dbbfc5dd2f39727e44819c286865b27a18ac10c6e94fca449
4
+ data.tar.gz: f92d3e7d76a1b9ae65fe55bc1cf39e4a133dd633f2c620f0fa75dd0f35df8a55
5
5
  SHA512:
6
- metadata.gz: 4a195bd440c17774dcaf46196c34f2965a78ef7a95499501534fba3161cafc82af085a0046f9bc5e422e7b38476040c389ae3440cf0589db190cd9240f4c6521
7
- data.tar.gz: b1ba60817538b3fda557a392e136a2a61c80341332f16821a36e60b8f573659574fbfe36d85969f7730b172451de5e0c5a369d6a4a11c0e65608cfe369229c37
6
+ metadata.gz: aa5d431804b50709280499845fd4609b0d576328c01a9be87f5d6cffeeb0a37d9fa10eba6a0f5fa33ccae83056bb939e25b85373839ba3d232f1488c88ce6d36
7
+ data.tar.gz: ddec86434f1b6908763d454a7fa67507bbb0b98bf30c0038b4331dae26d314c58c4a9312b3db1ffff087aa8a3162e8e30cc4082c60f8aadccb688e78d80c4934
@@ -1,3 +1,7 @@
1
+ ## 2.1.1 (2020-08-14)
2
+
3
+ - Fixed `version` option
4
+
1
5
  ## 2.1.0 (2020-07-06)
2
6
 
3
7
  - Improved performance of uniqueness validations
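Review bot: the 2.1.1 entry lists only "Fixed `version` option", which neither says what was broken nor covers everything in this release. The model change shows `:version` was missing from the allowed keyword list, so passing it raised `ArgumentError` ("unknown keywords"); say that here. The Mongoid loading change (`ActiveSupport.on_load(:mongoid)`, include into `Mongoid::Document::ClassMethods`) also deserves its own changelog line.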
@@ -12,7 +16,7 @@
12
16
 
13
17
  - Added `BlindIndex.backfill` method
14
18
 
15
- ## 2.0.0 (2019-02-10)
19
+ ## 2.0.0 (2020-02-10)
16
20
 
17
21
  - Blind indexes are updated immediately instead of in a `before_validation` callback
18
22
  - Better Lockbox integration - no need to generate a separate key
data/README.md CHANGED
@@ -10,7 +10,7 @@ Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive
10
10
 
11
11
  ## How It Works
12
12
 
13
- We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. `LIKE` queries are not possible, but you can index expressions.
13
+ We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. Efficient `LIKE` queries are [not possible](#like-ilike-and-full-text-searching), but you can index expressions.
14
14
 
15
15
  ## Leakage
16
16
 
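Review bot: in the rewritten summary sentence, "but you can index expressions" still reads as an unqualified alternative, while the new LIKE section states that an expression index "leaks which records have the same value of the expression". Carry that caveat into this sentence or link the phrase to `#expressions`, so the trade-off is visible to a reader who stops at "How It Works".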
@@ -289,6 +289,30 @@ or create `config/initializers/blind_index.rb` with something like
289
289
  BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
290
290
  ```
291
291
 
292
+ ## LIKE, ILIKE, and Full-Text Searching
293
+
294
+ Unfortunately, blind indexes can’t be used for `LIKE`, `ILIKE`, or full-text searching. Instead, records must be loaded, decrypted, and searched in memory.
295
+
296
+ For `LIKE`, use:
297
+
298
+ ```ruby
299
+ User.find { |u| u.email.include?("value") }
300
+ ```
301
+
302
+ For `ILIKE`, use:
303
+
304
+ ```ruby
305
+ User.find { |u| u.email =~ /value/i }
306
+ ```
307
+
308
+ For full-text or fuzzy searching, use a gem like [FuzzyMatch](https://github.com/seamusabshere/fuzzy_match):
309
+
310
+ ```ruby
311
+ FuzzyMatch.new(User.all, read: :email).find("value")
312
+ ```
313
+
314
+ If the number of records is large, try to find a way to narrow it down. An [expression index](#expressions) is one way to do this, but leaks which records have the same value of the expression, so use it carefully.
315
+
292
316
  ## Reference
293
317
 
294
318
  Set default options in an initializer with:
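Review bot: in the `LIKE` and `ILIKE` examples, `User.find { |u| ... }` with a block falls through to `Enumerable#find` in Active Record and returns only the first matching record, whereas a SQL `LIKE` returns every match; `User.select { |u| ... }` is the closer equivalent. `u.email.include?("value")` raises `NoMethodError` on records whose `email` is nil, so `u.email&.include?("value")` is safer. If the search term comes from user input, the `ILIKE` example should build the pattern with `Regexp.escape` rather than interpolating into `/value/i`. The section should also state that every one of these examples loads and decrypts the whole table, so plaintext for all rows sits in process memory for the duration of the search.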
@@ -146,12 +146,9 @@ ActiveSupport.on_load(:active_record) do
146
146
  end
147
147
  end
148
148
 
149
- if defined?(Mongoid)
150
- # TODO find better ActiveModel hook
151
- require "active_model/callbacks"
152
- ActiveModel::Callbacks.include(BlindIndex::Model)
153
-
149
+ ActiveSupport.on_load(:mongoid) do
154
150
  require "blind_index/mongoid"
151
+ Mongoid::Document::ClassMethods.include(BlindIndex::Model)
155
152
  Mongoid::Criteria.prepend(BlindIndex::Mongoid::Criteria)
156
153
  Mongoid::Validatable::UniquenessValidator.prepend(BlindIndex::Mongoid::UniquenessValidator)
157
154
  end
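Review bot: the move from `if defined?(Mongoid)` to `ActiveSupport.on_load(:mongoid)` and the new include target `Mongoid::Document::ClassMethods` change when and where `BlindIndex::Model` is mixed in, but the hunk carries no comment; the removed `# TODO find better ActiveModel hook` was the only explanation at this spot. Add a one-line comment stating that the block now runs from the `:mongoid` load hook instead of depending on require order, and that `BlindIndex::Model` is no longer included into `ActiveModel::Callbacks`. No test covering the Mongoid path is visible in this diff, so a spec that defines a Mongoid document before and after the gem loads would help confirm both orders work.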
@@ -10,7 +10,7 @@ module BlindIndex
10
10
  # check here so we validate rotate options as well
11
11
  unknown_keywords = options.keys - [:algorithm, :attribute, :bidx_attribute,
12
12
  :callback, :cost, :encode, :expression, :insecure_key, :iterations, :key,
13
- :legacy, :master_key, :size, :slow]
13
+ :legacy, :master_key, :size, :slow, :version]
14
14
  raise ArgumentError, "unknown keywords: #{unknown_keywords.join(", ")}" if unknown_keywords.any?
15
15
 
16
16
  attribute = options[:attribute] || name
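Review bot: the `unknown_keywords` allowlist is a hand-maintained literal, which is how `:version` ended up rejected with `ArgumentError` while other code in the gem evidently expects it; nothing in this diff adds a test for it. Add a regression test that declares a blind index with `version:` (and one with `rotate:` options, since the comment says they are validated here too), and consider moving the list into a named constant next to the code that reads each option so the two stay in sync.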
@@ -1,3 +1,3 @@
1
1
  module BlindIndex
2
- VERSION = "2.1.0"
2
+ VERSION = "2.1.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: blind_index
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-06 00:00:00.000000000 Z
11
+ date: 2020-08-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport