I read with horror TechCrunch’s recent scoop that confidential business plans submitted to a prominent venture capital firm were accidentally published on the web. Ouch. It seems the database that the firm was using behind its online application was dumping the data into a human-readable backup file. The backup file lived in the same directory (folder) on their server as other web content, so it was accessible through a browser, and was indexed by Google.
Here are five tips for building any sort of web form or service that is going to handle confidential data:
- Put your data on a different server (or servers) than your web files. The two don’t mix.
- Lock down those database servers so that only application code is allowed to connect to them, and the web servers are not.
- Configure your backups to produce compressed, encrypted files, not human-readable files.
- Move those backup files to tape archives. Did we mention not putting them on your web servers?
- Turn off the Indexes option on your web server, which allows anyone (like Google’s automated crawlers) to see a list of all files in a directory on your server, even if they’re not linked to from a web page.
- Bonus Tip: If you don’t know what you’re doing, go with someone who does — like, say, TrackVia!
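To check an existing site against the backup-file and Indexes tips above, here is an added example (not part of the original post) that walks a web root and flags plaintext database dumps, backup-named files, and `.htaccess` files that turn directory listings on. It assumes an Apache-style `.htaccess`; the function names, file patterns, and sample tree are constructed for illustration.

```python
import os, re, tempfile

# Assumed, non-exhaustive patterns; tune them for your own stack.
BACKUP_NAME = re.compile(r"(\.(sql|dump|bak|backup|old)|~)$", re.I)
DUMP_MARKERS = (b"INSERT INTO", b"CREATE TABLE", b"-- MySQL dump")
# Apache "Options Indexes" / "+Indexes" turns listings on; "-Indexes" turns them off.
INDEXES_ON = re.compile(r"^\s*Options\b.*(?<!-)\bIndexes\b", re.I | re.M)

def audit_docroot(root):
    """Return sorted (finding, url_path) pairs for files under a web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # the start of the file is enough
            except OSError:
                findings.append(("unreadable", rel))
                continue
            if name == ".htaccess":
                if INDEXES_ON.search(head.decode("utf-8", "replace")):
                    findings.append(("indexes-enabled", rel))
            elif any(marker in head for marker in DUMP_MARKERS):
                findings.append(("plaintext-dump", rel))
            elif BACKUP_NAME.search(name):
                findings.append(("backup-name", rel))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (not data from the incident)."""
    sample = {
        "index.html": b"<html>Apply here</html>",
        "apply/.htaccess": b"Options +Indexes\n",
        "static/.htaccess": b"Options -Indexes\n",
        "apply/submissions.sql": b"-- MySQL dump\nINSERT INTO plans VALUES (1, 'x');\n",
        "apply/db.bak": b"\x1f\x8b\x08\x00constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_docroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_docroot()` at your own document root; any finding is a file or setting that belongs off the web server or switched off.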
Can you provide some more details on this?