  1. #1
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17

    Real-time data access - security issues

    Hi,

    This is a general question about database design.

    I am developing a site that is to store users' data on a database, along with a single piece of data that all users are not allowed to know - essentially, the site is like a quiz.

    I need to keep the secret data secret yet access it multiple times from a real-time front-end e.g. a java program.

    I am concerned about security in this case - are hackers/malicious users going to be able to discover the secret data? I am averse to encrypting the data because I don't see how that improves the security - surely then you just have to keep the key secret? Is there some sort of extra level of abstraction or an interface that I can insert between the outside world and the database so that it is impossible to access the contents of the database unless you are the administrator?

    Please excuse my ignorance if this is a very stupid question, I have not had to deal with these kinds of issues before.

  2. #2
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    32
    If your Java program is completely client-side and accessing a remote database, there is no way you can stop curious people from accessing your database. The best you can do is to encrypt all data and decrypt it deep inside the application (code obscuring will be helpful). But it will not give any warranty against reverse engineering. The safest way is to place some server-side proxy application that will handle connections to the database.

    Jasper

  3. #3
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17
    So let's say that I had a java applet calling up a server interface to query the database (maybe the server interface would be a .php page?), then I could restrict what the applet could do because it would only be able to call the methods associated with the interface, right?

    How do you authenticate a request to such an interface? How do you ensure that requests are coming from valid users' accounts and not from some smart kid who's just spoofing the calls that the java applet would make?

    Thanks,


    Jon

  4. #4
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    32
    How do you authenticate a request to such an interface?
    If this service is publicly available, there is no direct way to achieve this.
    The best way is to accept/return only the data that is necessary for your tasks.
    For example, if you are holding a quiz, first spit out a list of questions, then accept a list of answers, then process them server-side, then return the quiz result.

  5. #5
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17
    Quote Originally Posted by Jasper77
    ...then return the quiz result.
    That's precisely it!

    If I want to return the quiz result, it has to be either decrypted or not encrypted in the first place...

    If it's decrypted, I have to keep an unencryption key somewhere - I could put it in a server-side, included file that's not accessible by http for instance. But what about FTP - they could get in and look at the key, no? How do you secure the key?

    If the answer's not encrypted in the first place, then could you just look direct at the data files with FTP?



    J.

  6. #6
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    32
    You are overcomplicating things. Why should you encrypt the quiz result?
    Here is the typical scenario. Your server-side program sends a question and answer variants, then receives an answer, then sends another question, then receives an answer. When it gets all the answers, it calculates the quiz result (e.g. Excellent) and returns it to your client application. Just do not send the list of correct answers to the client side; then there will be no need for spy games and $100 bills torn in two pieces.
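
The flow described in posts #4 and #6, as an added example that is not part of the original thread: the answer key stays on the server, the client receives only questions and a final grade, and each session token can be graded once. `QuizService`, its method names, the grade thresholds and the sample questions are hypothetical, and the sketch assumes `user_id` was already authenticated by a normal login before `start()` is called.

```python
import secrets

# Constructed sample data: the answer key lives only on the server.
QUIZ = {
    "q1": {"text": "2 + 2 = ?", "choices": ["3", "4", "5"], "answer": "4"},
    "q2": {"text": "Capital of France?", "choices": ["Paris", "Rome"], "answer": "Paris"},
    "q3": {"text": "Largest planet?", "choices": ["Mars", "Jupiter"], "answer": "Jupiter"},
}


class QuizService:
    """Hypothetical server-side interface; the client never touches the database."""

    def __init__(self, quiz):
        self._quiz = quiz
        self._sessions = {}  # token -> user id, for sessions not yet graded

    def start(self, user_id):
        """Issue an unguessable session token and the questions, minus answers."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user_id
        questions = [
            {"id": qid, "text": q["text"], "choices": list(q["choices"])}
            for qid, q in self._quiz.items()
        ]
        return token, questions

    def submit(self, token, answers):
        """Grade once per session; return only the overall result."""
        # pop() makes the token single-use, so a client cannot resubmit
        # variations of one answer sheet to work out which answers are correct.
        user_id = self._sessions.pop(token, None)
        if user_id is None:
            raise PermissionError("unknown or already used session token")
        if not isinstance(answers, dict):
            raise ValueError("answers must map question id to chosen answer")
        correct = sum(
            1 for qid, q in self._quiz.items() if answers.get(qid) == q["answer"]
        )
        ratio = correct / len(self._quiz)
        grade = "Excellent" if ratio == 1 else "Pass" if ratio >= 0.5 else "Fail"
        return {"user": user_id, "grade": grade}
```

Single-use tokens only help if `start()` is itself limited per authenticated user; otherwise a client can open many sessions and compare grades to infer the key.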

  7. #7
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17
    Ah, yes, I get it now, as far as protecting things from your users goes, but I'm worried about protecting information from hackers.

    If the server is able to return a quiz result to the client, that means that at some point it has had to refer to the answers. If someone was to log in to the server using FTP and view the data files, couldn't they look directly at the answers?

    The above is assuming the answers to remain unencrypted. However, if we did encrypt them to prevent curious FTP'ers viewing the answers, we'd have to store the key to the unencryption somewhere. Again, what is to stop an FTP'er from looking at the file with the unencryption key in?

    Sorry to draw this out, but I just want to be certain that we're both thinking about the same thing!

    Thanks,


    J.

  8. #8
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    32
    If the server is able to return a quiz result to the client, that means that at some point it has had to refer to the answers. If someone was to log in to the server using FTP and view the data files, couldn't they look directly at the answers?
    Sorry, but I have to admit that I'm not quite understanding your project objectives. I wonder why would anyone have FTP access to your database/program files?

  9. #9
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17
    Quote Originally Posted by Jasper77
    Sorry, but I have to admit that I'm not quite understanding your project objectives. I wonder why would anyone have FTP access to your database/program files?
    Well, the thing is, that from the advice that I'm getting about this issue, other people seem to be warning me about the dangers of people FTP'ing in, although I admit that would mean that they'd need the FTP username and password...

    Also, someone mentioned the risks of having users that share the webspace/database being able to connect from localhost, which would be a risk.

    Do you know what the dangers are that arise from having users share your server (as in ordinary hosting packages)?

    If you know a good guide to website security, I'd be very happy to read it!

    Thanks,


    J.

  10. #10
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    Germany
    Posts
    32
    Well, I understand. You should begin from the basics, this could be a good start:
    http://www.cgisecurity.com/owasp/html/

    Good luck

  11. #11
    SitePoint Member
    Join Date
    Aug 2005
    Posts
    17
    Thanks a lot, that looks really useful.


    J.

