Here's my situation: Say you run a service online that stores information that users of the service would want to keep for a long time. This information could be notes, files, etc. but it is information that the user should be able to trust will be there when they come back.

What patterns, methods, techniques, etc. exist that could be put in place on the website/service to ensure that even the administrator would be unable to delete any of this data (with malicious intent, not by accident, which could be fixed through backups or using rollback in a database)? Something that reassures the users that their data couldn't even be deleted by the guy running the service, essentially securing the user of the service from attacks on availability from the administration.

My current thought is that since, for all intents and purposes, this administrator has root privileges to everything, there is nothing that could be done to prevent the information being deleted from the service. One potential idea I had would be to allow the user the option to export the data locally so that they could keep copies of their data.

I tried searching for something like this but I guess not a lot of people are thinking about this from the user's point of view.

d0nut
  • I believe your thought is correct. Nothing you can do. Besides, even if there was something you could do, no software can stop the owner of the facility from unplugging the servers, pulling hard drives, or even burning the place down. – TTT Apr 01 '16 at 21:22
  • https://en.wikipedia.org/wiki/Two-man_rule , read-only media, the rule of law – Neil McGuigan Apr 01 '16 at 21:35
  • You could keep a local copy. For example Evernote stores your data online and offline and thus you would have access to your data even in a case when they go bankrupt or one of their servers burns down or whatever – BlueWizard Apr 04 '16 at 13:47
  • @JonasDralle yes, that's what I mentioned in my question already: *allow the user the option to export the data locally so that they could keep copies of their data.*. I was looking for any new ideas. – d0nut Apr 04 '16 at 13:48
  • That's not what I meant. I meant keeping an independent copy without the user having to manually export it. Your application would just say "can't connect to server" but the data would stay there – BlueWizard Apr 04 '16 at 14:10
  • @JonasDralle then you might be misunderstanding the question. I want to add some sort of protection for the user from me; the site administrator. What protects the user from me going rogue and deleting all of their data/pushing out a command to their device to remotely wipe their data for the service, etc. I think that if they were to keep an offline copy it should be completely detached from any system I have control over. – d0nut Apr 04 '16 at 14:13

1 Answer

The primary solution is exactly what you mentioned. Export, or essentially a backup. If you want to retain data you must do it yourself. You might also have to have several methods of backup, such as a cloud solution and a local solution, to ensure that if one is tampered with the other remains available.

Of course, if data is tampered with or removed you will need a way to import your backed up data. Without the import you can't truly restore the service, only retain what it was.

Alternatively you could run your own storage/DB solution that only allows the service to connect but only be limited to insert and read entries. Most databases allow you to have access schemes that allow just this but prevent update, deletes, truncates, drops, etc. This however would require the user to run their own database. As well as them setting it up correctly. Which might not be ideal if you are looking for a regular end user friendly service. This can be complicated more so with firewalls, NATs, permissions, etc.

Otherwise if someone controls the service and controls the data there is absolutely nothing an end user can do to prevent them from editing/deleting data from it.

Bacon Brad
  • This is what I figured but I just wanted to run this by some other people to see what they say. Thanks for answering my first ever question on StackExchange :) – d0nut Apr 01 '16 at 22:29
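
The insert-and-read-only access scheme described in the answer, as an added example that is not part of the original post. It assumes the user runs PostgreSQL and owns the table; the role name `notes_service`, the table `notes`, the password placeholder and the sample UUID are hypothetical.

```sql
-- Run by the user (the database and table owner), not by the service.
-- All names and values here are constructed for illustration.

CREATE TABLE notes (
    note_id    uuid PRIMARY KEY,                    -- supplied by the service
    created_at timestamptz NOT NULL DEFAULT now(),
    body       text NOT NULL
);

-- Login role for the hosted service. It is not a superuser and does not
-- own the table, so it has no right to DROP or ALTER it.
CREATE ROLE notes_service
    LOGIN PASSWORD 'REPLACE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Start from no privileges, then grant only read and append.
REVOKE ALL ON notes FROM PUBLIC;
REVOKE ALL ON notes FROM notes_service;
GRANT SELECT, INSERT ON notes TO notes_service;

-- What a connection authenticated as notes_service may do:
INSERT INTO notes (note_id, body)
VALUES ('00000000-0000-0000-0000-000000000001', 'first note');
SELECT note_id, created_at, body FROM notes;

-- What the same connection is refused, because the matching privilege
-- (or table ownership) was never granted:
UPDATE notes SET body = 'overwritten';   -- needs UPDATE
DELETE FROM notes;                       -- needs DELETE
TRUNCATE notes;                          -- needs TRUNCATE (separate privilege)
DROP TABLE notes;                        -- needs ownership of the table

-- An upsert cannot be used to overwrite an existing row either:
-- ON CONFLICT DO UPDATE also requires the UPDATE privilege.
INSERT INTO notes (note_id, body)
VALUES ('00000000-0000-0000-0000-000000000001', 'replaced')
ON CONFLICT (note_id) DO UPDATE SET body = EXCLUDED.body;
```

These grants only constrain the service's account; whoever holds the owner or superuser credentials on that database can still change or delete rows, which is why the answer has the user, not the service operator, run it.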