What risks do I have to consider when encrypting server side as opposed to client-side?

  • I am looking at encrypting user data, however performed on the server as opposed to on the client. What risks do I have to consider and if so how do I limit such risks? The reason we are looking at server-side encryption is to limit exposure on the client side to trojans, key loggers, etc.

    EDIT: The data would be sent over SSL and then encrypted on the server. This would limit or alleviate any sniffing. The term data is also used to describe files, etc.

  • Answer:

    You say you want to use server-side encryption to limit exposure to client-side malware. That makes no sense. If there is malware or spyware on the client, then you are hosed either way. Encrypting on the server doesn't help, since the data still exists in cleartext on the client, and so the client-side malware/spyware can capture the cleartext data.

    I think you need to revisit your requirements and your approach. If you are worried about client-side malware, I can see only two options: (1) ensure that sensitive data never reaches the client in cleartext, or (2) implement defenses to reduce the likelihood of malware on the client side. Encrypting on the server side doesn't really help.

    Sending the data from the client to the server and then encrypting on the server has all the security risks of client-side encryption, plus some additional risks:

      • If the server is compromised, or if any of the accounts of your employees are compromised, then the attacker gets access to the data. (Twitter got hosed by the latter. Many companies have gotten hosed by the former.)

      • Because you technically have the ability to decrypt the data, it now means you can be subject to subpoenas, warrants, or demands from law enforcement to decrypt the data if they want/need access. If you are a small operation, this might not be a big deal, but at a big operation, this might start to create some compliance costs for you.

      • If the attacker can mount a man-in-the-middle attack (e.g., attacking a user who is connecting over open wifi), and if the user clicks through SSL cert warnings, then the attacker can gain access to the sensitive data.

    One advantage of server-side encryption is that it enables you to do key management on the server side, reducing the burden on users. For instance, if users lose or forget their keys, you can recover them for them.

    Another possible advantage of server-side encryption is that the time window when the data exists on the client side in cleartext might be reduced, which might reduce the exposure to data breaches if, e.g., the client machine is stolen or lost. However, this advantage may be fairly modest in practice, and there may be better solutions to this issue (e.g., full-disk encryption).

PeanutsMonkey at Information Security

Other answers

I'll start with a simple authentication system. You ask the user for his login/password, which you send to your server. On the server, you hash the password to compare it to the database (I won't talk here about the importance of hashing a password and using salt & pepper).

Now, using a non-encrypted (non-SSL) connection, someone between your user and your server can read the transmitted data (known as a Man In The Middle attack) and learn your user's password. For that, you can use an SSL connection to protect your user from being read while sending data to the server. It's the best secured way so far (again, I won't talk about the limitations of SSL here).

But another alternative can be made. You can hash the password using md5/sha directly in your user's browser and send the hash. Some JavaScript libraries exist for that. But you need to remember that not all your users will have JavaScript enabled (unless you force them to use it). Moreover, using this method, you won't be able to add a salt and pepper without compromising the overall security. Moreover, don't forget that this won't protect you against keyloggers, trojans and others. Just MitM attacks.

Now, for the file upload. The default file upload of the browsers, I mean <input type="file" />, won't send data encrypted. If you want to do so, you'll have to implement a Java or Flash system for uploading files that will encrypt the data before sending it to the network. Again, this won't protect your users if they have a virus on their computer.

Remember that the ideology of client <-> server is the relation between them. You can't protect your user from having viruses; you can only improve the security of the link between client <-> server and also of your server.

Now, if you want to protect your server from malicious code upload, enabling security on the client side will be useless. You can never trust what users send you. Even if you build the most sophisticated HTML application, someone will be able to send you data without using this app. All you have to do is improve security on your server side: checking if the file sent is the correct type by checking its mimetype (with the right tool, not only the extension!). Always refuse files that can be executed (.exe, .sh, etc.) and moreover, be sure what to do with those files. (You can allow upload of .php files, but you must put them in a directory where they can't be executed from a remote location!)

Cyril N.
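
The server-side upload checks described in the answer above, as an added Python example that is not part of Cyril N.'s answer. The allow-list, the signature tables and the function names are assumptions chosen for illustration, and the temporary directory stands in for a storage directory outside the web root.

```python
import os
import secrets
import tempfile

# Leading "magic" bytes of the formats this hypothetical service accepts.
ALLOWED = {"image/png": (b"\x89PNG\r\n\x1a\n", ".png"), "image/jpeg": (b"\xff\xd8\xff", ".jpg")}
# Leading bytes of executable or script content, always refused.
EXECUTABLE = {"windows-pe": b"MZ", "elf": b"\x7fELF", "shebang": b"#!", "php": b"<?php"}

def classify(data):
    """Decide from the bytes themselves, ignoring file name and client MIME type."""
    for kind, sig in EXECUTABLE.items():
        if data.startswith(sig):
            return ("reject", kind)
    for mime, (sig, _ext) in ALLOWED.items():
        if data.startswith(sig):
            return ("accept", mime)
    return ("reject", "unknown")

def accept_upload(client_name, client_mime, data, store_dir):
    verdict, detail = classify(data)
    if verdict != "accept":
        raise ValueError(f"refused {client_name!r}: content is {detail}")
    if client_mime != detail:
        raise ValueError(f"refused {client_name!r}: claimed {client_mime}, content is {detail}")
    # Server-chosen random name and extension; O_EXCL never overwrites; 0o600 has no execute bit.
    path = os.path.join(store_dir, secrets.token_hex(16) + ALLOWED[detail][1])
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    samples = [  # constructed inputs: (client file name, client MIME type, content)
        ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("photo.png", "image/png", b"MZ\x90\x00" + b"\x00" * 8),
        ("notes.jpg", "image/jpeg", b"<?php echo 1; ?>"),
        ("scan.png", "image/png", b"\xff\xd8\xff\xe0" + b"\x00" * 8),
    ]
    outcomes = []
    with tempfile.TemporaryDirectory() as store:  # stands in for a directory outside the web root
        for name, mime, data in samples:
            try:
                path = accept_upload(name, mime, data, store)
                outcomes.append("stored" + os.path.splitext(path)[1])
            except ValueError as exc:
                outcomes.append(str(exc).split(": ", 1)[1])
    return outcomes
```

Leading-byte checks are one layer only: script content can sit later in an otherwise valid file, which is why the stored name, extension and location are chosen by the server and the directory must not be executable or directly served.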