Tightening security in Umbraco
Good day,
I have a client who wishes an application in which he can manage profiles for candidates. The profiles will contain sensitive information and because of this I want to explore if Umbraco is secure enough to contain this information and if I can simply add some functionality to enhance the security.
I have the following in mind:
1. I want to add two step authentication for Umbraco by sending a text message with a code to the user's phone. Would it be possible to alter the login process (into the backend) to add this extra step?
2. I also want to encrypt the data for candidates. Which means that I would have to encrypt data when it's saved and decrypt it when it's loaded. I know this is possible but how would you encrypt this, using just one hash for all the fields or a different hash for each encrypted field?
3. I also want to use https. I'm guessing this is no problem?
Thanks in advance.
A good place to start with this is analysing your local government's data protection laws. These are usually available on government information websites, and you will be obliged to meet these standards by law.
As you would like to encrypt the data only for storage, then decrypt to view, you must use symmetric encryption. Symmetric encryption requires an encryption/decryption key to allow this to happen. If a malicious party is able to access the raw encrypted data, it is highly likely that they will also be able to access the decryption key, so when using any sort of data encryption, ensure that your data and encryption keys are at least on completely separate servers with as little in common as possible (especially usernames and passwords).
Using HTTPS is always a good start to securing your web traffic, though ensure you are using a SHA2 SSL certificate and not a SHA1, as SHA1 is now a crackable encryption algorithm.
The two factor would be entirely possible (having previously built a prototype with Twilio).
Overall it is certainly possible for you to manage sensitive data from Umbraco, but you will have to do quite a bit of development work in order to implement the required security level.
One thing to remember when building a secure application is it's not about keeping malicious parties out of your data and servers (although you should take every measure to ensure it is as difficult as possible), it's about how you handle it when they get in.
Hi Gary,
Thank you for your reply!
I have actually already looked at the data protection laws, so I have at least that part covered already.
You mention that you would make sure that the data and the keys are on two different servers. I am planning to host this application on Azure, which would mean the database would be on a different server and I could encrypt the connection string in the configuration file. Would that be enough separation between the application and the data?
A profile will consist of about 100 fields of data. Would you encrypt all of it and maybe use different keys for different groups of data, or would that be overkill? Some of those fields are probably not privacy sensitive but I want to be thorough.
Would you also store those keys in the same database?
I had actually already found Twilio, it's good to hear that you have some good experience with that tool.
I will also make sure to use a SHA2 SSL certificate.
Thanks!
Encrypted config files are a good idea. It would also be great if you lock down the IPs which are allowed to access your servers.
E.g. only your web servers are allowed to access your database server etc. This could thin down the possibility of a remote attack by someone who was able to only download configuration information, but not gain control of the server itself.
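The encryption setup discussed in the posts above (symmetric encryption, keys kept apart from the data, separate keys per group of fields), as an added example that is not part of the original thread or of Umbraco. It derives one AES key and one MAC key per field group from a master key using plain HMAC-SHA256 (not HKDF), then encrypts each value with AES-CBC and authenticates field name, IV and ciphertext. `FieldCrypto`, the group and field names, and a 32-byte master key loaded from a store outside the database are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example. The master key is assumed to be loaded from outside the database.
public static class FieldCrypto
{
    // One sub-key per purpose ("enc:" / "mac:") and field group, derived from the master key.
    static byte[] Derive(byte[] master, string label)
    {
        using (var h = new HMACSHA256(master)) return h.ComputeHash(Encoding.UTF8.GetBytes(label));
    }
    // The MAC covers the field name, the IV and the ciphertext.
    static byte[] Tag(byte[] master, string group, string field, byte[] body)
    {
        using (var h = new HMACSHA256(Derive(master, "mac:" + group)))
            return h.ComputeHash(Encoding.UTF8.GetBytes(field + "\0").Concat(body).ToArray());
    }
    public static string Encrypt(byte[] master, string group, string field, string plain)
    {
        using (var aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = Derive(master, "enc:" + group); // 32 bytes, so AES-256
            aes.GenerateIV();                         // fresh random IV for every value
            byte[] pt = Encoding.UTF8.GetBytes(plain);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(pt, 0, pt.Length)).ToArray();
                return Convert.ToBase64String(body.Concat(Tag(master, group, field, body)).ToArray());
            }
        }
    }
    public static string Decrypt(byte[] master, string group, string field, string stored)
    {
        byte[] all = Convert.FromBase64String(stored);
        if (all.Length < 64) throw new CryptographicException("Truncated value"); // IV + block + tag
        byte[] body = all.Take(all.Length - 32).ToArray();
        byte[] expected = Tag(master, group, field, body);
        int diff = 0; // compare the tag without an early exit, before any decryption
        for (int i = 0; i < 32; i++) diff |= all[body.Length + i] ^ expected[i];
        if (diff != 0) throw new CryptographicException("Value modified or moved to another field");
        using (var aes = Aes.Create())
        {
            aes.Key = Derive(master, "enc:" + group);
            aes.IV = body.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
        }
    }
}
```

A value stored under one group or field name fails the tag check when decrypted under another, so copying ciphertext between columns or rows of different groups is detected rather than silently decrypted.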
We're planning on building a package to handle this, but we will wait until 7.3 is final.
Hi Jeffrey,
Thanks for the heads-up. Is there an ETA for Umbraco 7.3 and the mentioned package? We would like to release the application around Christmas.
I just want to extend the standard authentication for the backend of Umbraco (/umbraco). I wouldn't need a custom identity provider, right? Just delay the actual authentication by adding an extra step.
Hi Bunnynut,
A bit of a late reaction, but we don't have any release date planned... Not even a guess actually :S.
I will keep you informed when we've started developing.
Greetings Jeffrey
Hi Jeffrey,
No worries, the project got postponed for now so it will give me some time. If you could keep me posted on the status, that would be great, because this seems like a very interesting functionality for other projects as well.
Thanks in advance,
Bas