-
Jan 18th, 2019, 12:23 AM
#1
Securing online database against leakage
How do we secure or at least minimize data breaches of our databases if we have web apps? Do we have to encrypt all the data in each column/row?
-
Jan 18th, 2019, 12:53 AM
#2
Re: Securing online database against leakage
What exactly do you mean by "web apps"? If you have an application hosted on a web server and the user is accessing that via a browser then they can't see the database at all so there's nothing special required. The application is connecting to the database from inside the host's network so the only way someone could access data they shouldn't is if your application is badly written. This is why apps on phones and the like should access data via a web service rather than direct connection to the database. The web service provides the same layer of security as a web site does.
-
Jan 18th, 2019, 01:17 AM
#3
Re: Securing online database against leakage
Yes, applications hosted on a web server. In the past 2 years our website was defaced twice, and I do not know to what extent those hackers got into the web server, so I have this concern about the security of the database. Do I just trust the security of our host? It appears that if they can get into the database then they surely could also get into the source code and determine how to decrypt the data if we ever encrypt it.
-
Jan 18th, 2019, 04:00 AM
#4
Re: Securing online database against leakage
There are a number of web security standards that you can apply which can help. Take a look at the OWASP Top 10:
https://www.owasp.org/index.php/Cate...op_Ten_Project
A few other things to consider: is your website http or https? If you are not using https then you should be, as it encrypts your http traffic for you. You would need to purchase an SSL certificate, obviously.
One thing JMC touched upon is web services. All my apps, both web and mobile, are split, with all database calls being in a web service, and the web app or mobile app is a different project which just makes web service calls.
This gives you another layer of security. Firstly, it absolutely prevents SQL injection, as you're not making any SQL calls in your web page. It would completely separate your data from your website.
Also, using things like token authentication in your web service, you can stop non-authorised users from making web service calls.
I create web and mobile software that we sell to companies and that is hosted by them on their networks, and we not only have to follow security standards, we often get penetration tested on our applications, so we know that taking these steps to secure your web apps, websites and web services works.
Please Mark your Thread "Resolved",  if the query is solved & Rate those who have helped you
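The split described in post #4, sketched as an added example that is not part of the thread or any poster's code: the front end holds no SQL and calls a service function that checks a bearer token, then queries with bound parameters (the service is where the SQL now lives, so that is where binding matters). The table names, the token value and the `find_customers` endpoint are assumptions made up for the illustration.

```python
import hashlib
import sqlite3

def digest(token):
    # Only SHA-256 digests of issued tokens are stored, so a leaked
    # api_tokens table does not hand out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def build_demo_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE api_tokens (token_sha256 TEXT PRIMARY KEY, client TEXT);
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
    """)
    db.execute("INSERT INTO api_tokens VALUES (?, ?)",
               (digest("demo-token-web-frontend"), "web-frontend"))
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "Alice", "alice@example.test"),
                    (2, "Bob", "bob@example.test")])
    return db

def authenticate(db, authorization_header):
    """Return the client name for a valid 'Bearer <token>' header, else None."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    row = db.execute("SELECT client FROM api_tokens WHERE token_sha256 = ?",
                     (digest(token),)).fetchone()
    return row[0] if row else None

def find_customers(db, authorization_header, name):
    """Hypothetical service endpoint; returns (status, body)."""
    if authenticate(db, authorization_header) is None:
        return 401, []          # unauthenticated callers never reach the query
    # The caller's value is bound as data, never concatenated into the SQL text.
    rows = db.execute("SELECT id, name FROM customers WHERE name = ?",
                      (name,)).fetchall()
    # Return only the columns the front end needs, not whole rows.
    return 200, [{"id": r[0], "name": r[1]} for r in rows]

if __name__ == "__main__":
    db = build_demo_db()
    good = "Bearer demo-token-web-frontend"
    print(find_customers(db, good, "Alice"))
    print(find_customers(db, "Bearer guessed-token", "Alice"))
    print(find_customers(db, good, "x' OR '1'='1"))
```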