I want to build a web-based information management application for a client. The application will be used to store passwords and critical documents online.
I want to know:
(1) Which language/framework to go with: PHP or Ruby on Rails (RoR) or any other?
(2) What type of hosting for good security, Linux or Windows? Any other thing to be included?
(3) Suggest open-source but bug-free crypto libraries for PHP & RoR.
(4) I am planning a PostgreSQL database. Any suggestions?
(5) Any other security considerations.
As far as a crypto library for Ruby, I’ve had good results with the EzCrypto Gem. It wraps the Ruby OpenSSL library and makes it easy to do symmetric encryption. The challenge is less about doing the encryption and more about where and how to store your keys (as you mention in your question).
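
To illustrate the key-storage point in the answer above, here is an added example (not from the original answer, and using Ruby's standard OpenSSL bindings directly rather than EzCrypto) that encrypts one stored secret with AES-256-GCM while keeping the key out of the database. The module name `VaultCrypto`, the `VAULT_PASSPHRASE` environment variable, the record ids and the iteration count are assumptions made for the example.

```ruby
require "openssl"
require "securerandom"

# Added example: authenticated encryption of one stored secret with Ruby's
# OpenSSL bindings. The key never goes into the database; it is derived from
# a passphrase supplied out of band (an environment variable here, as an
# assumption; a KMS or HSM would fill the same role).
module VaultCrypto
  KDF_ITERATIONS = 200_000 # constructed work factor for the example
  KEY_LEN = 32             # AES-256

  def self.derive_key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, KDF_ITERATIONS, KEY_LEN,
                               OpenSSL::Digest.new("SHA256"))
  end

  # Returns a hash holding only what is safe to store beside the record.
  def self.encrypt(plaintext, passphrase, record_id)
    salt = SecureRandom.random_bytes(16)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv           # fresh 96-bit nonce per record
    cipher.auth_data = record_id    # binds the ciphertext to its row
    ct = cipher.update(plaintext) + cipher.final
    { salt: salt, iv: iv, tag: cipher.auth_tag, ciphertext: ct }
  end

  # Raises OpenSSL::Cipher::CipherError if key, row id, or data is wrong.
  def self.decrypt(blob, passphrase, record_id)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = derive_key(passphrase, blob[:salt])
    cipher.iv = blob[:iv]
    cipher.auth_tag = blob[:tag]
    cipher.auth_data = record_id
    cipher.update(blob[:ciphertext]) + cipher.final
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed fallback passphrase so the demo runs without configuration.
  pass = ENV.fetch("VAULT_PASSPHRASE", "constructed-demo-passphrase")
  blob = VaultCrypto.encrypt("s3cret-db-password", pass, "record:42")
  puts VaultCrypto.decrypt(blob, pass, "record:42")
end
```

Only the salt, nonce, tag and ciphertext would be written to PostgreSQL; a database dump alone does not yield the plaintext, and a ciphertext copied to a different row fails authentication.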