Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Security on shared server

by derekstucki (Sexton)
on Mar 04, 2014 at 21:48 UTC ( [id://1076979]=note: print w/replies, xml ) Need Help??


in reply to Security on shared server

To answer a few questions, this is on a professional hosting service, which is PCI compliant, and therefore has reasonably good isolation between clients, but one can never be too careful, thus this post.
Post-processing information is stored securely in a database, so outside the scope of this post. HTTPS, as was stated, is obviously in place and strictly enforced.
The OS in question is Linux, I've checked file permission security, and it's in place. Root obviously could get to it, but unless the hosting service is compromised, root can be trusted.
I'm expecting file sizes to be < 1 MB.
As for my level of experience, I have a BS in CS, almost have my CCNA, and have never had a security audit come back with a problem. I know enough when to ask about things I'm not sure about.
Encryption on disk is an option, but...
Thus far, it seems the consensus seems to be for keeping it in memory if the file is small enough. This is feasible, and the direction I'll head at this point, but any additional feedback would be greatly appreciated.

Replies are listed 'Best First'.
Re^2: Security on shared server
by Anonymous Monk on Mar 04, 2014 at 22:47 UTC

    Keeping it in memory sounds like a good way to go. As stated above, you should probably check that your web server doesn't use temporary files for file uploads.

    It also avoids another issue: what happens if your program for whatever reason fails before it deletes the file (you'd need a cron job regularly clearing out your temp dir, etc.).

    While a certain level of paranoia is useful when working with senstive data, to keep myself from getting too paranoid about things I try to remember what the stated security requirements are, and to stay realistic about what any additional countermeasures I implement actually protect against.

    Just as one example, when using disk encryption, people sometimes seem to forget that as long as those encrypted drives are mounted (which in some cases is all the time), anyone who compromises the running system has access to their contents anyway. So unless you're protecting against the disks being stolen, or people forgetting to wipe them at decomissioning, disk encryption won't help your network security.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1076979]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (6)
As of 2024-04-19 06:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found