Back to Security Pattern Catalog
: Core Security, Information Disclosure
Firewalls provide protection of data stored in a server by limiting access to it. However, data can still be accessed by hackers. The extreme option to protect data in server is not to store any sensitive information at all in server. This is infeasible, because the server needs to keep state. Since firewalls do not provide security at data level, there is need of some additional security in this level.
How can server data be protected from unauthorized access ?
Encrypt critical data before storing them in the server. Decrypt data in memory before they are used by the server. Use a single key for encrypting all the data and periodically alter it if possible. This involves decrypting all data stored with previous key and re-encrypting it with the new key. If this leads to an availability problem, use a large encryption key that is difficult to compromise.
UNIX password file hashes the password and stores the hashed form.
Kienzle et. al. Repository
Client Server, Confidentiality
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz