Improving Web Application Security: Threats and - CGISecurity

374 Part III: Building Secure Web ApplicationsProtect Sensitive Data in StorageIdentify stored data that requires guaranteed privacy and integrity. If you storepasswords in database solely for the purposes of verification, consider using a onewayhash. If the table of passwords is compromised, the hashes cannot be used toobtain the clear text password.If you store sensitive user-supplied data such as credit card numbers, use a strongsymmetric encryption algorithm such as Triple DES (3DES) to encrypt the data.Encrypt the 3DES encryption key using the Win32 Data Protection API (DPAPI), andstore the encrypted key in a registry key with a restricted ACL that onlyadministrators and your application process account can use.Why not DPAPI?While DPAPI is recommended for encrypting connection strings and other secretssuch as account credentials that can be manually recovered and reconstructed in theevent of machine failure, it is less suited to storing data like credit card numbers. Thisis because of recoverability issues (if the keys are lost, there is no way to recover theencrypted data) and Web farm issues. Instead, you should use a symmetricencryption algorithm such as 3DES and encrypt the encryption key using DPAPI.The main issues that make DPAPI less suited for storing sensitive data in thedatabase are summarized below:● If DPAPI is used with the machine key and you passCRYPTPROTECT_LOCAL_MACHINE to the CryptProtectData andCryptUnprotectData functions, the machine account generates the encryptionkeys. This means that each server in a Web farm has a different key, whichprevents one server from being able to access data encrypted by another server.Also, if the Web server machine is destroyed, the key is lost, and the encrypteddata cannot be recovered from the database.● If you use the machine key approach, any user on that computer can decrypt thedata (unless you use additional encryption mechanisms).● If you use DPAPI with a user key and use local user accounts, each local accounton each Web server has a different security identifier (SID) and a different key isgenerated, which prevents one server from being able to access data encrypted byanother server.● If you use DPAPI with a user key and you use a roaming user profile across themachines in the Web farm, all data will share the same encryption/decryption key.However, if the domain controller responsible for the roaming user profile accountis damaged or destroyed, a user account with the same SID cannot be recreated,and you cannot recover the encrypted data from the database.Also, with a roaming user profile, if someone manages to retrieve the data, it canbe decrypted on any machine in the network, provided that the attacker can runcode under the specific user account. This increases the area for potential attack,and is not recommended.