For an API request to my application, I store the data in the request object temporarily in an XML file before it is pushed to the database. Although the XML files are stored on a secured server at a firewall-protected data center, should I look to encrypt the data in the XML files to make it more secure? What are the best practices here?

schroeder
    What are you defending against? If it's the entire world, your question is too broad. – Jun 14 '14 at 20:27
  • Agree with @JanDoggen. In addition, what type of data is in those XML files? If it's just request data with no PII, and not high impact if the data were stolen, it may not even be worth the cost if you can protect it using access control, etc. So in order to provide a solution, three things definitely need to be known: 1) What's in the data, 2) What are the threats to protect against, 3) What is your architecture at a high-level at least. – Omer Iqbal Jun 19 '14 at 01:12

1 Answer

Encryption does not produce security; it concentrates security. Namely, encryption will help in keeping data confidential from people who don't know the decryption key. Your application, though, must know that key in order to decrypt the data again before pushing it to the database.

An important first step is to define your attack model. What are the attackers trying to achieve, and what can they do? For instance, you may use the following:

  • Attackers want to learn the contents of some requests. This is a problem even if the request is old.
  • Attackers can recover old hard disks by practicing dumpster diving.

Then, in that situation, if you write the XML requests to files on your disk (even temporarily), attackers may obtain some confidential data from an old discarded disk. Encryption may help, but only if done properly and, crucially, only if the decryption key is not itself written to the same disk. Alternatively, you might want to configure a RAM-based "disk" on your system so that the XML files never reach a physical medium in the first place.

If your model is more about an attacker temporarily hijacking your server through some vulnerability, then encryption won't help, because the server must know the key; thus, it becomes known to attackers as well.

Tom Leek