A Security Blanket
There, there. Everything is going to be okay. Oh, wait, wrong type of security blanket. The plain truth is that nobody in the Web 2.0 space is paying attention to security basics. Security is in the way of innovation. Rather than do the minimum and pay for an SSL server certificate, people just throw up their sites, slap Beta on them, and say good enough for me. As young, strong, security-minded developers we need to put our feet on higher ground. We have to get back to security basics and retreat to our happy place.
Confidentiality
Take a good look at your data. What is it? Is any of it private? If it is, then just throwing it out on the Internet is not a good idea. Even if you don't consider the data private, others—such as your users, regulators, or the government—might.
Some threats to data and confidentiality include:
Hackers
Eavesdroppers
Unauthorized users
Unprotected uploads
Unvalidated feeds
Nontrusted networks
Trojan horses and viruses
Social engineering
Preserving the confidentiality of data usually is as easy as encrypting it. How, when, and with what type of encryption really depends on the use case and how the data is being used.
For example, if your site accepts personal information such as name, address, social security number, date of birth, and so on, rather than post that data in plain text over HTTP, consider encrypting the channel and thereby protecting the confidentiality and integrity of the data while it is traveling across the network.
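As an added illustration of the point above (this is example code, not from the book or its authors), the following client-side guard refuses to send personal fields over a plaintext channel. It resolves the request URL against the page origin, treats a page that was itself loaded over HTTP as untrustworthy even when the target is HTTPS, and only then builds the request that would be handed to fetch or XMLHttpRequest. The field names in SENSITIVE_FIELDS and the example.test hostnames are assumptions chosen for the demonstration.

```javascript
// Added example: keep personal data off unencrypted channels before an Ajax
// request leaves the browser. Not code from the original page.

// Payload keys we treat as personal information (assumed list for this example).
const SENSITIVE_FIELDS = new Set(["name", "address", "ssn", "dob", "password"]);

// True when any top-level key of the payload is on the sensitive list.
function containsSensitiveData(payload) {
  return Object.keys(payload).some((key) => SENSITIVE_FIELDS.has(key.toLowerCase()));
}

// Decide whether the channel protects confidentiality. Returns {ok, reason}.
// pageOrigin is the origin the script is running in (e.g. window.location.origin).
function checkTransport(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin); // resolves relative URLs too
  const page = new URL(pageOrigin);
  if (target.protocol !== "https:") {
    return { ok: false, reason: "target is a plaintext HTTP channel" };
  }
  if (page.protocol !== "https:") {
    // The data would be encrypted in transit, but a page fetched over HTTP
    // could already have been altered on the wire (scripts, form action, ...).
    return { ok: false, reason: "page was loaded over HTTP; its scripts cannot be trusted" };
  }
  return { ok: true, reason: "" };
}

// Build the request description for a JSON POST, throwing if personal data
// would travel over an unprotected channel. Non-sensitive payloads are allowed
// through unchanged so the guard does not break ordinary requests.
function prepareSubmission(requestUrl, payload, { pageOrigin }) {
  const url = new URL(requestUrl, pageOrigin).toString();
  if (containsSensitiveData(payload)) {
    const verdict = checkTransport(requestUrl, pageOrigin);
    if (!verdict.ok) {
      throw new Error(`refusing to send personal data: ${verdict.reason}`);
    }
  }
  return {
    url,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    },
  };
}

// Usage in a browser would be: const { url, init } = prepareSubmission(...); fetch(url, init);
// Here we only build the request so the example runs offline.
const demo = prepareSubmission(
  "/api/profile",
  { name: "Example User", ssn: "000-00-0000" }, // constructed sample data
  { pageOrigin: "https://example.test" }
);
console.log(demo.url, demo.init.method);

module.exports = { containsSensitiveData, checkTransport, prepareSubmission };
```

The guard is a client-side convenience, not a substitute for the server redirecting HTTP to HTTPS and setting Strict-Transport-Security; a tampered page can simply skip it. Its value is in catching the common mistake of posting a profile form to an http: endpoint during development before it reaches production.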
Likewise, ...