182 lines
4.0 KiB
HTML
182 lines
4.0 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Hide Sensitive Information</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Secure Programming for Linux and Unix HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Carefully Call Out to Other Resources"
|
|
HREF="call-out.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Counter Web Bugs When Retrieving Embedded Content"
|
|
HREF="embedded-content-bugs.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Send Information Back Judiciously"
|
|
HREF="output.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Secure Programming for Linux and Unix HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="embedded-content-bugs.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 8. Carefully Call Out to Other Resources</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="output.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="HIDE-SENSITIVE-INFORMATION"
|
|
></A
|
|
>8.8. Hide Sensitive Information</H1
|
|
><P
|
|
>Sensitive information should be hidden from prying eyes, both while
|
|
being input and output, and when stored in the system.
|
|
Sensitive information certainly includes credit card numbers,
|
|
account balances, and home addresses, and in many applications
|
|
also includes names, email addressees, and other private information.</P
|
|
><P
|
|
>Web-based applications should encrypt all communication with a user
|
|
that includes sensitive information; the usual way is to use the
|
|
"https:" protocol (HTTP on top of SSL or TLS).
|
|
According to the HTTP 1.1 specification (IETF RFC 2616 section 15.1.3),
|
|
authors of services which use the HTTP protocol <EM
|
|
>should not</EM
|
|
>
|
|
use GET based forms for the submission of sensitive data,
|
|
because this will cause this data to be encoded in the Request-URI.
|
|
Many existing servers, proxies, and user agents will log
|
|
the request URI in some place where it might be visible to third parties.
|
|
Instead, use POST-based submissions, which are intended for
|
|
this purpose.</P
|
|
><P
|
|
>Databases of such sensitive data should also be encrypted on any storage
|
|
device (such as files on a disk).
|
|
Such encryption doesn't protect against an attacker breaking the secure
|
|
application, of course, since obviously the application
|
|
has to have a way to access the encrypted data too.
|
|
However, it <EM
|
|
>does</EM
|
|
> provide some defense against
|
|
attackers who manage to get backup disks of the data
|
|
but not of the keys used to decrypt them.
|
|
It also provides some defense if an attacker doesn't manage to break
|
|
into an application, but does manage to partially break into a related
|
|
system just enough to view the stored data - again, they now have to
|
|
break the encryption algorithm to get the data.
|
|
There are many circumstances where data can be transferred unintentionally
|
|
(e.g., core files), which this also prevents.
|
|
It's worth noting, however, that this is not as strong a defense as you'd
|
|
think, because often the server itself can be subverted or broken.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="embedded-content-bugs.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="output.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Counter Web Bugs When Retrieving Embedded Content</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="call-out.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Send Information Back Judiciously</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |