Blarg #9: Help me make code that is a webapp, uses a DB, and is secure
Here is a reply to a really common question: what should I keep in mind when making a secure website? This particular question came from a person who was deciding between Java and Python, but the important stuff really doesn't depend on a particular programming language. If you are green, take a peek. If you know your stuff, fill in what I missed.
You'll note my answer hints at Linux+Java, and I don't say just use J2EE. I'm biased to the free, simple, easy solution. Please feel free to argue something better.
It looks like I might be writing some code that involves
- a web-based front-end
- lots of database action on the back-end
- a real need to care about security
I'll probably be doing this with someone who's pretty good with Python,
but we might be convinced to switch to Java. Seems like I ought to pick
your brain about this in either case. Any good resources I should start
with (I don't know anything that's not obvious about databases or
security, for example)?
In general, security isn't too tough, especially if you have local access to the server. Here are the easy fixes:
- Don't let external IP addresses reach your DB. Always administer it in person, at the box, and close or firewall the sensitive ports.
- Don't let root or the DB admin account log in to the server remotely. Always require that sort of user to log in locally.
- Don't ever let users execute SQL commands; that is, never let user input become part of a SQL statement. Abstract all DB access behind a simple library.
- If the webapp doesn't need full write access, set up SQL views so it can't write to or delete the parts of the DB it shouldn't touch.
- Tunnel all sensitive web traffic over SSL/TLS; everything else is sent as plain text. If you are really paranoid, buy a real X.509 certificate (one signed by a trusted CA rather than self-signed) so that you don't have to worry about man-in-the-middle attacks.
- Sandbox the app. Java can do this literally. Don't let webapp code read or write anything it shouldn't; this is a common flaw in most CGI-based apps.
- Don't use FTP or Telnet. Use SFTP and SSH if you need to, and never grant more read/write access than is needed.
- Back up frequently and have the server e-mail its remote-access and firewall logs to you. Proactively block all the IPs that hit your server every second with a login attempt (you'll have quite a few).
- Don't be lazy.
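As an added illustration of the "abstract DB access" and "SQL view" points above (example code written for this post, not from the original reply), in Python with the standard sqlite3 module since that is the language under consideration: a string-spliced query beside its parameterized form, and a view the webapp reads through instead of the base table. The schema and the probe input are constructed for the example, and SQLite stands in for a real server where the webapp's account would be granted rights on the view only.

```python
import sqlite3

# Constructed sample schema for this example; not a schema from the post.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
INSERT INTO users (name, email) VALUES ('alice', 'alice@example.invalid'),
                                       ('bob',   'bob@example.invalid');
-- The webapp reads through this view: it never sees the email column,
-- and in SQLite a view is read-only, so it cannot write or delete either.
CREATE VIEW users_public AS SELECT id, name FROM users;
"""

def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def find_user_unsafe(conn, name):
    """Anti-pattern: the user's input becomes part of the SQL text, so a quote
    in the input rewrites the WHERE clause (classic SQL injection)."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_user(conn, name):
    """Parameterized query: the driver passes the value separately from the
    SQL text, so the input is only ever compared, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

def read_public(conn):
    """All webapp reads go through the restricted view."""
    return conn.execute("SELECT id, name FROM users_public ORDER BY id").fetchall()

def write_via_view_is_blocked(conn):
    """The view stops destructive writes: SQLite refuses to modify a view,
    so the DELETE raises instead of emptying the table behind it."""
    try:
        conn.execute("DELETE FROM users_public")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    conn = setup_db()
    probe = "x' OR '1'='1"  # constructed input that is valid SQL once spliced in
    print("unsafe :", find_user_unsafe(conn, probe))  # every user leaks out
    print("safe   :", find_user(conn, probe))         # nothing matches
    print("view   :", read_public(conn))
    print("write via view blocked:", write_via_view_is_blocked(conn))
```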
Doing all this on Linux/Java is no problem. SSH, SFTP, and firewall/packet filtering come with Linux. All the restrict-root-to-local-login tricks are simple sshd configuration options. Pick up a SQL book or google for help with DB management; it is old hat. Java with Jakarta Tomcat will handle the webapp/SSL/TLS/DB-access issues.
Outside of Linux/Java: almost all of the software mentioned is available for other non-Windows boxes. Don't use Windows. As for Python, if you are happy with the DB access libraries and the webapp/CGI libraries you should be fine. If I remember right, Python has weak HTTP/SSL/TLS support, but Apache can easily make up for that.
You should be able to pair "howto" with any of the software names I mentioned and Google will turn up plenty of guides.