Exception occurs with empty string #31

Closed
Capncavedan opened this Issue Mar 8, 2013 · 7 comments

Projects

None yet

2 participants

@Capncavedan
Contributor

When saving a record where an encrypted field has a value of "" (empty string), as is common when a web form field is left blank, crypt_keeper raises an exception.

I've worked around it by setting the field to nil if it == "" in the controller but this is inelegant for sure.

Is there a cleaner workaround I'm not aware of?

Thanks,
-Dan

@jmazzi
Owner
jmazzi commented Mar 8, 2013

@Capncavedan which encryptor are you using?

@Capncavedan
Contributor

The default AES encryptor, like so:

crypt_keeper :social_security_number, encryptor: :aes, key: "super secret"
@jmazzi
Owner
jmazzi commented Mar 8, 2013

One option I can think of is creating a "strict" mode for the AES encryptor, and others really. That would be the default mode. In strict mode, you would receive errors for nil or empty values, like you currently do. In non strict mode:

crypt_keeper :social_security_number, encryptor: :aes, key: "super secret", strict: false

the original value you would be returned for nil or empty strings for decrypt and encrypt. It would look something like this:

def encrypt(value)
  if value.blank? && strict_mode
    value
  else
    # encryption
  end
end

def decrypt(value)
  if value.blank? && strict_mode
    value
  else
    # decryption
  end
end

How do you feel about creating a pull request to do that?

@jmazzi
Owner
jmazzi commented Mar 8, 2013

@Capncavedan let me know what you think about that.

@Capncavedan
Contributor

I think that sounds pretty good, @jmazzi.

I'll work on a pull request.

Note that nil and non-empty strings, e.g. " ", don't generate problems with AES, at least in my experience so far. Just the empty string.

@jmazzi
Owner
jmazzi commented Mar 8, 2013

Hmm, well I'm not sure that's a issue with crypt_keeper then. Non empty strings have a value.

On Friday, March 8, 2013 at 5:07 PM, Dan Buettner wrote:

I think that sounds pretty good, @jmazzi (https://github.com/jmazzi).
I'll work on a pull request.
Note that nil and non-empty strings, e.g. " ", don't generate problems with AES, at least in my experience so far. Just the empty string.


Reply to this email directly or view it on GitHub (#31 (comment)).

@jmazzi
Owner
jmazzi commented Apr 11, 2013

closed by #35

@jmazzi jmazzi closed this Apr 11, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment