Oct 11

Build security into your systems part 11

XML considerations
XML and XSLT stylesheets are becoming the industry standard for the access, distribution, and presentation of data. With databases that permit web publishing, stylesheets can be used to remove or modify metadata in XML files sent to web users (for example, to hide field names), or to statically define query string parameters (such as database and layout name values) so that they are not exposed to, or modified by, web users.
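The stylesheet below is an added example, not code from the original post or from any database product: it shows the allow-list approach to hiding field names and other metadata before XML reaches a web user. The input shape (`resultset`, `metadata`, `record`, `field`) and every field name are constructed for illustration and are assumptions, not a real product's XML grammar.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Constructed sample input (hypothetical shape and names):

  <resultset database="Customers" layout="AdminView">
    <metadata>
      <field name="cust_display_name" type="text"/>
      <field name="cust_ssn_last4" type="text"/>
    </metadata>
    <record id="17">
      <field name="cust_display_name">A. Example</field>
      <field name="cust_ssn_last4">1234</field>
      <field name="internal_notes">constructed note</field>
    </record>
  </resultset>
-->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>

  <!-- Allow-list design: there is no identity (copy everything) template,
       so a node reaches the output only if a rule below emits it. -->
  <xsl:template match="/resultset">
    <!-- The database and layout attributes are deliberately not copied. -->
    <customers>
      <!-- Only record elements are processed; the metadata block is skipped. -->
      <xsl:apply-templates select="record"/>
    </customers>
  </xsl:template>

  <xsl:template match="record">
    <customer>
      <!-- Publish one approved field under a neutral element name, so the
           internal field name and the record id never appear in the output. -->
      <name>
        <xsl:value-of select="field[@name='cust_display_name']"/>
      </name>
    </customer>
  </xsl:template>

  <!-- Override XSLT's built-in rules, which would otherwise copy the text of
       any unmatched node (for example if the root element is not resultset). -->
  <xsl:template match="text()|@*"/>
</xsl:stylesheet>
```

Because the stylesheet names what may be published rather than what must be removed, a field added to the database later stays hidden until a rule is written for it.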
Reminder: Data formatted as XML is essentially text. This means that it can potentially be intercepted and read, unless appropriate means are used to encrypt it. Whenever you are broadcasting data with TCP/IP and hosting databases, you should use SSL encryption in the web server application. This blocks “packet sniffer” applications, which monitor network traffic and might be capable of extracting your database data.
Never enable any extended privileges unless they are necessary.
Considerations for PC and Mac events
Your own computer’s operating system can trigger events, such as automatic upgrades, which can have implications for your database. Make sure you set your upgrade preferences to manual rather than automatic.
Whenever introducing third-party technology, test all scripts and user scenarios thoroughly to ensure there are no ‘back doors’ that might leave you vulnerable.

Following all of these guidelines may seem laborious, but keep in mind that identity theft and threats to credit card security are on the rise. Data theft from your company can be even more disastrous. Your data is the wealth of your company, but with these steps to protect your databases, you should be able to ensure that your company is safe and secure from accidental or deliberate threats.
