Summary


This chapter discussed the data portion of security for Web applications. It's important to consider that every piece of information that you place on a public Web site, no matter how small or unimportant, is available to everyone at some point. Even if you password-protect the Web site and grant access only to a privileged few, the data is going to leak. You also need to protect data as you move it from one location to another. This requirement normally means that you have to encrypt the data in some way, either manually or automatically as part of some other process. Finally, you need to consider the ramifications of using message queuing with your application. Yes, it's a nice feature, but you need to consider the costs associated with the Windows message queuing feature.

Now it's time to take action for the sake of your data. Begin by looking at the security policies for your company. Do you have a policy in place that governs not only the dissemination of data by employees, but also the presentation of that data by applications? The application developer is in a good position to reduce the vulnerability of data to outside influences. You'll also need to consider whether you need additional data security in place. A good way to look at data transfer across the Internet is to consider how much damage that data would cause if you printed it in the local newspaper.

Chapter 11 discusses one of the most popular Web applications in use today, the Web service. It’s not always a good idea to buy into all of the hype surrounding this technology. In addition, you need to choose the correct technology for a specific need. Using some technologies for a Web service can leave your server and your data completely open to attack.




.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168
