blind_index 2.1.0 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +25 -1
- data/lib/blind_index.rb +2 -5
- data/lib/blind_index/model.rb +1 -1
- data/lib/blind_index/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 030c05f4653c350dbbfc5dd2f39727e44819c286865b27a18ac10c6e94fca449
|
|
4
|
+
data.tar.gz: f92d3e7d76a1b9ae65fe55bc1cf39e4a133dd633f2c620f0fa75dd0f35df8a55
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa5d431804b50709280499845fd4609b0d576328c01a9be87f5d6cffeeb0a37d9fa10eba6a0f5fa33ccae83056bb939e25b85373839ba3d232f1488c88ce6d36
|
|
7
|
+
data.tar.gz: ddec86434f1b6908763d454a7fa67507bbb0b98bf30c0038b4331dae26d314c58c4a9312b3db1ffff087aa8a3162e8e30cc4082c60f8aadccb688e78d80c4934
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
## 2.1.1 (2020-08-14)
|
|
2
|
+
|
|
3
|
+
- Fixed `version` option
|
|
4
|
+
|
|
1
5
|
## 2.1.0 (2020-07-06)
|
|
2
6
|
|
|
3
7
|
- Improved performance of uniqueness validations
|
|
@@ -12,7 +16,7 @@
|
|
|
12
16
|
|
|
13
17
|
- Added `BlindIndex.backfill` method
|
|
14
18
|
|
|
15
|
-
## 2.0.0 (
|
|
19
|
+
## 2.0.0 (2020-02-10)
|
|
16
20
|
|
|
17
21
|
- Blind indexes are updated immediately instead of in a `before_validation` callback
|
|
18
22
|
- Better Lockbox integration - no need to generate a separate key
|
data/README.md
CHANGED
|
@@ -10,7 +10,7 @@ Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive
|
|
|
10
10
|
|
|
11
11
|
## How It Works
|
|
12
12
|
|
|
13
|
-
We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. `LIKE` queries are not possible, but you can index expressions.
|
|
13
|
+
We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. Efficient `LIKE` queries are [not possible](#like-ilike-and-full-text-searching), but you can index expressions.
|
|
14
14
|
|
|
15
15
|
## Leakage
|
|
16
16
|
|
|
@@ -289,6 +289,30 @@ or create `config/initializers/blind_index.rb` with something like
|
|
|
289
289
|
BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
|
|
290
290
|
```
|
|
291
291
|
|
|
292
|
+
## LIKE, ILIKE, and Full-Text Searching
|
|
293
|
+
|
|
294
|
+
Unfortunately, blind indexes can’t be used for `LIKE`, `ILIKE`, or full-text searching. Instead, records must be loaded, decrypted, and searched in memory.
|
|
295
|
+
|
|
296
|
+
For `LIKE`, use:
|
|
297
|
+
|
|
298
|
+
```ruby
|
|
299
|
+
User.find { |u| u.email.include?("value") }
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
For `ILIKE`, use:
|
|
303
|
+
|
|
304
|
+
```ruby
|
|
305
|
+
User.find { |u| u.email =~ /value/i }
|
|
306
|
+
```
|
|
307
|
+
|
|
308
|
+
For full-text or fuzzy searching, use a gem like [FuzzyMatch](https://github.com/seamusabshere/fuzzy_match):
|
|
309
|
+
|
|
310
|
+
```ruby
|
|
311
|
+
FuzzyMatch.new(User.all, read: :email).find("value")
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
If the number of records is large, try to find a way to narrow it down. An [expression index](#expressions) is one way to do this, but leaks which records have the same value of the expression, so use it carefully.
|
|
315
|
+
|
|
292
316
|
## Reference
|
|
293
317
|
|
|
294
318
|
Set default options in an initializer with:
|
data/lib/blind_index.rb
CHANGED
|
@@ -146,12 +146,9 @@ ActiveSupport.on_load(:active_record) do
|
|
|
146
146
|
end
|
|
147
147
|
end
|
|
148
148
|
|
|
149
|
-
|
|
150
|
-
# TODO find better ActiveModel hook
|
|
151
|
-
require "active_model/callbacks"
|
|
152
|
-
ActiveModel::Callbacks.include(BlindIndex::Model)
|
|
153
|
-
|
|
149
|
+
ActiveSupport.on_load(:mongoid) do
|
|
154
150
|
require "blind_index/mongoid"
|
|
151
|
+
Mongoid::Document::ClassMethods.include(BlindIndex::Model)
|
|
155
152
|
Mongoid::Criteria.prepend(BlindIndex::Mongoid::Criteria)
|
|
156
153
|
Mongoid::Validatable::UniquenessValidator.prepend(BlindIndex::Mongoid::UniquenessValidator)
|
|
157
154
|
end
|
data/lib/blind_index/model.rb
CHANGED
|
@@ -10,7 +10,7 @@ module BlindIndex
|
|
|
10
10
|
# check here so we validate rotate options as well
|
|
11
11
|
unknown_keywords = options.keys - [:algorithm, :attribute, :bidx_attribute,
|
|
12
12
|
:callback, :cost, :encode, :expression, :insecure_key, :iterations, :key,
|
|
13
|
-
:legacy, :master_key, :size, :slow]
|
|
13
|
+
:legacy, :master_key, :size, :slow, :version]
|
|
14
14
|
raise ArgumentError, "unknown keywords: #{unknown_keywords.join(", ")}" if unknown_keywords.any?
|
|
15
15
|
|
|
16
16
|
attribute = options[:attribute] || name
|
data/lib/blind_index/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blind_index
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|