Friday, February 22, 2013

Securing Information In Your Database - Introduction

As a security precaution, it is important to not save any sort of sensitive information in clear text in your database. This can be information such as an email address, a social security number, answers to secret questions – or anything that would be considered sensitive data for the user.

For most people, it is surprising how a little bit of information can lead to malicious attacks. Most users reuse the same account names, emails, passwords, and secret questions across all of their accounts, so if an attacker gets one, they probably have them all.

I’ve seen an unfortunate amount of sensitive information stored in clear text in applications I have worked on. When I ask why it is done this way, no one has an answer. The response is always “it is just always the way it has been.” I don’t find this to be an acceptable answer, because when you do your initial design, you know it needs to be done.

My next few posts will talk about encryption, hashing, and security in general.