Jump to content
  • Advertisement
Sign in to follow this  
Rasterman

[web] Your company financial data on a 3rd party webserver

This topic is 2597 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I have hosted my own server for 10 years and want to move to shared hosting or a VPS. My main concern is having all of my order history on a server that admins of the host will have access to. Is there a way to protect my company financial and customer data? Should I be worried about this?

Share this post


Link to post
Share on other sites
Advertisement
If you're worried about it, encrypt it. If you're really worried about it then don't put it on a third party server.

Share this post


Link to post
Share on other sites
If you store it on a third party server and need to view it from that server, e.g. From a web app, remember that you would need to decrypt it there so all neccessary info to decrypt it will be there anyway and this will only be a minor fly in the ointment to any intruder. Consider encrypting the info using a users ssl fingerprint hash as a salt or such, so that even if a hacker gains access to the database the info within is useless without also having a specific ssl certificate file which you can distribute to a subset of trusted employees (eg accountants and director) - would this be of use?

Share this post


Link to post
Share on other sites
Um SSL certs are installed on the server end so they're "available" to everyone, technically. However, you should definitely implement some sort of user authentication/authorization scheme. If you can't afford to utilize physical RSA tokens you could set up a random code that gets generated every day and then made available to the appropriate managers who can then dole them out as need via paper or somesuch so a user would need their own personal login credential as well as this code to log in. That should make it relatively secure. But yes, force ALL interactions with this server to be done over SSL. I just didn't go into this kind of explanation in my first post because you mentioned already having had a server but am wondering about hosting it on a 3rd party server so you *should* already have something like this in place already.

Share this post


Link to post
Share on other sites
I was referring to client certs, these should not be available to everyone. I have a personal client cert installed in firefox and i have designed several of our office web based systems to authenticate me via it rather than a password, being much more secure and convenient.

Share this post


Link to post
Share on other sites
Well, you wouldnt give the certs to people via the internet. The best way to do this would be to meet in person giving them a CD or usb stick or such with the certificate file on it.

Failing that, you can have them generate their own certs, have them tell you just the fingerprint id of their generated cert (over skype or such) then use a combination of all the fingerprints as the encryption key of your data.

Of course this means that if an employee leaves you have to revoke their cert and then re-encrypt all the company data either without their key, or with a new key of the new starter.

Maybe that's going a bit overboard though... :rolleyes: after all, they must install that certificate into their web browser and if their PC is infected with a trojan the certificate files may be taken, and maybe the password could be bruteforced from the certificate, so in the end it would all count for squat.

Share this post


Link to post
Share on other sites

Well, you wouldnt give the certs to people via the internet. The best way to do this would be to meet in person giving them a CD or usb stick or such with the certificate file on it.

Failing that, you can have them generate their own certs, have them tell you just the fingerprint id of their generated cert (over skype or such) then use a combination of all the fingerprints as the encryption key of your data.

Of course this means that if an employee leaves you have to revoke their cert and then re-encrypt all the company data either without their key, or with a new key of the new starter.

Maybe that's going a bit overboard though... :rolleyes: after all, they must install that certificate into their web browser and if their PC is infected with a trojan the certificate files may be taken, and maybe the password could be bruteforced from the certificate, so in the end it would all count for squat.

My SSL comment was more about a man-in-the-middle attack where someone is sniffing packet data. They could easily intercept the cert verification info and be able to "be you."

Share this post


Link to post
Share on other sites
surely, they cannot intercept the certificate validation. to do so would be a flaw in the ssl protocol so vast that it would make all ssl authentication by client certificate completely useless.
I am referring to proper diffie-hellman style key exchange that is at the lowest level of the ssl protocol, client and server certificates are exchanged in the same way and validated in the same way. Therefore if they were able to man-in-the-middle your client cert they could do the same to the server cert, making it completely pointless :-)

Here is a page documenting what i mean and why it is as secure as you'll get, and avoids all issues of writing risky encryption and authentication yourself: http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500

Share this post


Link to post
Share on other sites
Thanks for the discussion guys, I need to explain some more: my customer data on my server is name, email, address, order amount, products bought, etc. What I don't want is anyone other than myself access to this data, I am mainly concerned with financial data (the total sales history of my products) the issue I have is customers can request their registration code or change their email in my system, so I can't remove the data that is old, or encrypt it because it will need to be encrypted/decrypted with each database query wouldn't it, if that is even possible? Even so the encryption keys would need to be on the server, and if they have access to the server they have access to the keys.

One idea I had is to simply remove all of the dates and price information from my database on the server, and keep a database with the dates locally, then do a sync every month or so removing the older dates on the server. This wouldn't remove all of my historical sales data but would remove two important factors, timing and pricing.

I'm not really _that_ worried about it, but would like to protect it is possible.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!