
I'm working on a web platform which will contain some rather sensitive personal information, and obviously this raises the problem of how secure this data will be. Users can upload some files, and I was wondering what the best way was to store them securely.

I've done several searches, and one of the pages I found inspiring was https://stormpath.com/blog/how-to-gracefully-store-user-files (I'm not using Stormpath btw, just looking for implementation ideas) which said that using Cloud services is one of the best solutions as their security is already quite tight. The caveat I've found in other discussions is that your data is stored by a third-party, and if you use Amazon-managed encryption keys, they can theoretically view your data.

Yet, overall, one thing I don't quite understand - I guess because of my total lack of expertise in the domain - is why storing files elsewhere than on your own server would be more secure. I've tried imagining a few different scenarios:

1. Files stored on the web server with no encryption -> obvious issue if someone breaks into the server.

2. Files stored on the web server, encrypted with a global key, stored outside of the "public" folder -> if someone manages to get access to the server, they could get the files but also find the encryption key (and whatever they want, actually) and access the files?

3. Files stored on a 3rd-party cloud provider, encrypted with a global key, stored outside of the "public" folder -> well... same issue? If someone gets access to the server, they can get the encryption key, and I guess it wouldn't be difficult for them to get the file which gives the credentials to the cloud account, and hence get the files?

Overall, it seems that whenever your web server gets compromised, your data is basically compromised as well? The only solution would be to encrypt the files with a key only known to the user, but in practice this comes with a lot of "usability" cons: data is irrecoverable if the user forgets the key, the user needs to keep a long encryption key safe on top of his password, etc.

Any comments to shed some light on this topic for me?

Thanks very much

asked by Buno, edited by Xiong Chiamiov

  • Possible duplicate of [Encrypt user data on DB](https://security.stackexchange.com/questions/173381/encrypt-user-data-on-db) – Hector Nov 15 '17 at 17:11
  • See the referred answer. The problem is either your server has to have some way to encrypt/decrypt the data with a key stored on it or the user has to be the only one with access to the data. With the latter if they lose the keys its gone. One option is allowing users to backup their keys. – Hector Nov 15 '17 at 17:14
  • Thanks - though I'm wondering then, what would be the benefit of hosting files with a 3rd party provider (let's say AWS), even using their own key management service? If someone gained access to your webserver, surely they could get the credentials you use to connect to AWS, and from there retrieve your files and keys ? – Buno Nov 15 '17 at 17:24
  • It seems to me that [Does storing user files in S3 ensure that my server is secure from user uploaded malware?](https://security.stackexchange.com/q/149634/16960) is a more related question. – Xiong Chiamiov Nov 15 '17 at 17:48
  • I've also edited your question a bit to bring out what I think is the actual specific question we can answer, which is why you would want (for security reasons) to put user files on S3 or similar instead of keeping them on your webserver. The broader question of "how do I store user files?" is a bit too broad to answer in a single answer, so would probably get put on hold. – Xiong Chiamiov Nov 15 '17 at 17:52

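The "key only known to the user" option from the question, combined with Hector's suggestion of letting users back up their keys, is usually built as envelope encryption. The Go below is an added illustration, not code from the question or its comments: each upload is sealed under a random per-file data key, and that data key is wrapped twice, once under a key the user holds (assumed to be derived client-side from the password with a slow KDF, which is out of scope here) and once under a recovery key shown to the user once and kept offline. The names `StoredFile`, `Store`, `Open`, `userKey` and `recoveryKey` are assumptions of this example. A server compromise then yields only the `StoredFile` records, none of which can be decrypted without a key the server never stored.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// StoredFile is all the server keeps per upload: the body under a random per-file
// data key (DEK), and that DEK wrapped under two keys the server never stores.
type StoredFile struct{ UserWrap, RecoveryWrap, Body []byte }
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error, not runtime input
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}
// seal returns nonce||ciphertext||tag under AES-256-GCM with a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand; guaranteed not to fail since Go 1.24
	return gcm(key).Seal(nonce, nonce, plaintext, nil)
}

// open rejects a wrong key or a tampered blob instead of returning garbage.
func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("blob too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], nil)
}

// Store seals content under a fresh DEK, then wraps that DEK for userKey (held client-side,
// e.g. derived from the password with a slow KDF) and for an offline recoveryKey.
func Store(userKey, recoveryKey, content []byte) *StoredFile {
	dek := make([]byte, 32)
	rand.Read(dek)
	return &StoredFile{seal(userKey, dek), seal(recoveryKey, dek), seal(dek, content)}
}

// Open unwraps the DEK from wrap (sf.UserWrap or sf.RecoveryWrap) with key, then decrypts the body.
func Open(sf *StoredFile, key, wrap []byte) ([]byte, error) {
	dek, err := open(key, wrap)
	if err != nil {
		return nil, err
	}
	return open(dek, sf.Body)
}
```

The trade-off the question describes is still there: lose both the password and the recovery key and the file is gone, which is the price of the server being unable to read it.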
0 Answers