Wed. Jan 25th, 2023

Web Security

HTTPS

When you connect to a web server over plain HTTP, every request and response is sent unencrypted. Anyone monitoring the traffic can intercept these messages and read their content.

For example, if you are entering a username and password, they will be sent as plain text to the web server. Similarly, entering payment details would be risky: someone snooping on your traffic could identify the card details.

HTTPS is HTTP with SSL, a technology that encrypts the data transferred between the client and the server. It is commonly indicated by:

  • Use of https rather than http in the web address
  • A padlock symbol indicating that the connection is secured

Note that HTTPS does nothing to guarantee the security of the data beyond the transfer between machines. The web server could be compromised and data stolen from there. However, this is still an important security measure.

Firewalls

Given that websites can be powered by several different machines, all with different roles, it is important to segregate them appropriately.

A database server does not need to be accessible online in order to use it on a website. The client never connects directly to it – there is no mechanism to allow that. Therefore, the database server should be secured behind a firewall that limits access to only the web server that processes code needing to connect to the database.

Measures such as this reduce the surface area of attack, and greatly reduce the chance of valuable or sensitive data being stolen.

Encryption

Encryption is a mathematical process that changes data so that, while it still contains the original information, it is in a form that is unreadable unless you have the key to decrypt it. If you operate an e-commerce site, you could end up processing people’s payment cards. You may need to store these details, but what would happen if you stored them unencrypted in a database and the database is compromised (hacked, stolen, etc.)?

By encrypting data, you ensure that only people with the correct key can retrieve and view the data. Anyone else will simply see junk information.

Hashing

Your website allows users to log in – so you need to store their usernames and passwords in a database, in order to make sure that they are entering valid details. As with the example above, you don’t really want to store passwords in plain text – if the database is hacked, malicious actors will be able to read everyone’s passwords. Remember that people have a habit of reusing usernames and passwords across different services, and this is a problem.

Unlike encryption, hashing is a one-way process. Data is fed into a hashing algorithm (the data could be a password, or a whole document) and the output is a fixed-size value, effectively a long number. Hashing algorithms are designed so that the likelihood of different inputs producing the same output is very low.

Instead of storing passwords as plain text, it is usual to store the hash of a password. When a user attempts to log in, the password they type in is hashed, and if the hashed value matches the hash stored in the database, then they are granted access. The advantages of this approach become clear when it is compared with encrypting the passwords instead:

  • If an encrypted database is stolen and the encryption key is found, then all of the data can be decrypted and easily viewed
  • Every time a certain word is encrypted, it gives the same output; therefore, if you know one user’s password, you can find everyone else using the same password. Remembering that a huge number of people use one of a small set of common passwords, this is troubling
  • When you hash a password, you can also salt it; salting a password means that different hashes of the same piece of data will have different values. Also, as a hash is one way, it is impossible to work back to the original data. This way, if the data is stolen, it is virtually impossible to extract anything meaningful from it. Even users with the same password as each other remain safe in the event that one user’s password is discovered
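Storing and checking salted password hashes as described above, as an added example that is not code from the original article. The article names no hashing algorithm; this example assumes PBKDF2-HMAC-SHA256 from the Python standard library, and the user names and passwords are constructed:

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumption: the article names no algorithm, so PBKDF2-HMAC-SHA256 is used here
# because it is a standard salted, deliberately slow password hash available in
# the Python standard library. The iteration count makes brute force costly.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """Plain hash with no salt: the same password always gives the same value,
    so discovering one user's password exposes every user who chose it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Return (salt, hex digest). A fresh random salt is generated when none is
    given, so two users with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest.hex()


def verify_password(password: str, salt: bytes, stored_hex: str) -> bool:
    """Re-hash the typed password with the stored salt and compare in constant time,
    so the comparison itself leaks nothing about how many characters matched."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def demo() -> dict:
    # Constructed scenario: two users happen to choose the same weak password.
    alice_salt, alice_hash = hash_password("Password123")
    bob_salt, bob_hash = hash_password("Password123")
    return {
        "unsalted_collide": unsalted_hash("Password123") == unsalted_hash("Password123"),
        "salted_differ": alice_hash != bob_hash,          # salts differ, so hashes differ
        "login_ok": verify_password("Password123", alice_salt, alice_hash),
        "login_bad": verify_password("password123", alice_salt, alice_hash),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The stored record per user is the salt plus the hex digest; the plain password is never written to the database.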