Hi!
I was asked if there is a way to prevent the Gemstone/Glass hoster from seeing the data... Is there a common practice to encrypt certain attributes/data? I guess this is a problem that might just occur on the Seaside/ZincRest cloud-ish projects?!

Sebastian

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
On Thu, Feb 19, 2015 at 11:17 AM, Sebastian Heidbrink via Glass <[hidden email]> wrote:
> Hi!

It's an axiom that if a black hat has "physical access to the machine", he has everything. If you are worried at that level, you need to provide your own data centre.

It is always a good idea to store critical, sensitive information encrypted (SIN, SSN, credit card, password, etc.). If you are worried about visibility of the data en route, use https.
Hi Sebastian,

In my case, I do a few things:

1) Use HTTPS everywhere possible rather than HTTP. I have nginx with SSL + fast cgi. Be sure to have the gemstone with the latest vulnerabilities fixed.

2) For user passwords I have two types... one-way and two-way encryption. For the first one, I use MD5 (for user login). For the latter I use a nice algo where I merge things of PasswordStoreSplit (which splits a password in pieces and pads the rest with random data) and Blowfish encryption. This is for some kind of passwords I must store and then decrypt to send them somewhere...

And now... not related to encryption but with security and may help:

3) My app is deployed for each "site", which means a whole stone + gems. All gemstone processes of a particular site run under one particular OS user. Say... siteXXX... so all gemstone processes for that site XXX are run with siteXXX. And everything needed for the app (gemstone files, confs, pids, logs, locks, backups, app-custom-files, everything) is inside a particular directory that has 600/700 and ownership 'siteApp'. Of course 'siteApp' is not root and does not allow ssh (and sshd allows only certificate logins).

4) The gemstone user I use is NOT DataCurator and instead I use a particular gemstone user with custom permissions and password.

5) I change passwords of DataCurator and System and I rarely use them (only upon site creation).

6) I do not share multiple users (sites) in the same stone.

7) Provide by some means some kind of brute force protection. I have it at my app login level, at nginx and at fail2ban.

I have more stuff but I think I am going off topic.

Anyway... what I would really like is a way to obfuscate a repository (I don't want my client to have access to my app code) in the case I must deploy my app in the client's server. Is this possible?

Cheers,

On Thu, Feb 19, 2015 at 4:17 PM, Sebastian Heidbrink via Glass <[hidden email]> wrote:
> Hi!
> On Feb 19, 2015, at 11:40 AM, Mariano Martinez Peck via Glass <[hidden email]> wrote:
>
> Anyway... what I would really like is a way to obfuscate a repository (I don't want my client to have access to my app code) in the case I must deploy my app in the client's server. Is this possible?

See GsNMethod>>#'removeAllSourceButFirstComment'

James