Chapter 10: Web Data Security

Overview

• Creating and Using Database Connections

• Stopping Information Leaks

• Adding Data Encryption to an Application

• Using Remoting and Data Encryption

• Creating Applications that Rely on SSL for Requests and Responses

Chapter 9 discussed the importance of keeping your server safe. The server is the container for your data and that use spells out the value of keeping the server safe. After you consider every other aspect of security, the ability to manipulate and use data safely is the cornerstone of the process. The result of creating a safe environment is data that you can rely on for business needs.

This chapter moves beyond the server—the container for the data—and examines the data itself. The chapter begins by discussing a data manipulation, presentation, and storage application—the database. Many Web pages still rely on static data and others use manual programming techniques, but the database is becoming an ever greater part of the data picture for Web sites—just as it has for every other business need.

The next several sections of the chapter discuss data protection. For example, you need to consider the problem of data leaks—information that you want to stay within the enterprise, company, workgroup, or other area of control but ends up leaking into other locations. Every company has data leak problems, but you can minimize them. The chapter also discusses data encryption techniques for Web applications. Make sure you understand the cryptography techniques discussed in Chapter 7 before you move on to these sections. As part of the data protection strategy, you’ll also need to consider using Secure Sockets Layer (SSL) features.