A Rails app for private and secure communication
Ruby CSS CoffeeScript JavaScript
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
app
bin
config
db
lib
log
public
spec
vendor/assets
.env
.gitignore
.rspec
.ruby-version
Gemfile
Gemfile.lock
README.md
Rakefile
config.ru

README.md

##KeepItAlive (The Pegasus Project)

KeepItAlive is a proof of concept communication service aimed at allowing people to talk privately and securely. It was created in an effort to understand the checks and balances necessary for running a website that protects its user’s communication from all parties, including the service’s owner.

The source code for this project has been provided to encourage discussion about security concepts and to help others learn about security within a Ruby on Rails setting. I am not a security expert and welcome any feedback from others in improving this project. Outlined below is a basic explanation of how the site works and the technologies used. Feel free to comment, fork, or submit pull requests.

For a comprehensive explanation of the service, please visit the how it works page.

###How privacy is managed

  • Messages expire after a specified date

  • Messages expire after a specified number of views

  • Messages expire after a specified number of decryption failures

  • No personally identifiable information is stored about visitors

###How security is managed

  • The website operates under a certified SSL

  • Messages are encrypted using a specified password that is not stored

  • Messages are encrypted a second time using a 2048-bit RSA key

  • Message lookup codes are one-way encrypted and only shown to a user once

###General Technologies:

  • Ruby 2.0.0 and Rails 4.0.0

  • Rspec and Capybara for testing

  • Gibberish and Strongbox for security

  • MySQL for Database

  • Stripe for donations

  • New Relic for performance and debugging

###Unfinished Work:

  • While Heroku only keeps the 1500 most recent log lines, this app should explicitly make sure log files aren't stored. It should also screen IP Addresses before logging.

  • Caching: The app operates relatively quickly because of a low asset package and a self-cleaning DB, but it needs page caching before heavy use.

  • Could always use more tests :-)