
Business information leak - Personal Information

Need

Protection of personal information from unauthorized access or disclosure

Context

  • Usage of Python 3 for developing applications and scripts
  • Usage of Django for building web applications

Description

Non compliant code

from django.db import models

class User(models.Model):
    name = models.CharField(max_length=200)
    # identity-document number and phone number written to the database in clear text
    id_number = models.CharField(max_length=200)
    phone_number = models.CharField(max_length=200)

The above Django model represents a User with fields for name, id_number and phone_number. Both id_number and phone_number are plain CharFields, so the identity-document number and the phone number are written to the database in clear text. Anyone who obtains read access to the database, or to a backup or dump of it, gets these values directly, which can be used for identity theft and other fraud against the users.

To fix this, sensitive values must not reach the database in clear text. Django itself does not encrypt field contents; encryption at rest is implemented with a custom model field (overriding get_prep_value and from_db_value) or a third-party package, with the key held in a secrets store outside both the source code and the database. Use purpose-specific field types where they exist, for example PhoneNumberField from the django-phonenumber-field package, which validates and normalizes phone numbers; keep in mind that validation alone does nothing for confidentiality.

Moreover, data minimization (the least-privilege principle applied to data) should be followed: collect and store only the information the application actually needs. If the application does not use real ID numbers or phone numbers, they should not be stored at all. If it only needs to check that an identifier is unique or matches a value presented later, a keyed hash is sufficient and the raw value never has to be kept.

Steps

  • Remove fields for sensitive data the application does not actually need (here id_number and phone_number) from the model and its migrations.
  • Where such data must be kept, store it encrypted at rest, with the encryption key managed outside the database and never hard-coded in the source.
  • Prefer a keyed hash or a masked form when the value only has to be matched or displayed, so the raw identifier is not stored.
  • Implement access controls to limit which accounts, services and admin views can read the sensitive columns.
  • Regularly audit your code, migrations, databases, backups and logs to ensure sensitive data is not being stored in clear text.
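As an added example (not code from the original page), the following stand-alone Python shows the minimization approach described in the Description and Steps above: instead of id_number and phone_number columns, the record keeps a keyed hash (HMAC-SHA256 under a server-side secret) for duplicate detection and verification, plus a masked form for display, and never holds the raw identifier. The key PSEUDONYM_KEY, the MinimizedUser class and the register helper are illustrative names, the sample identifiers are constructed, and the code uses only the standard library, so it runs without Django.

```python
"""Data minimization for personal identifiers (added example).

Keeps, per user, only a keyed hash and a masked form of the ID number and
phone number instead of clear-text CharField values. The keyed hash lets the
application detect duplicates and verify a value presented later, but cannot
be reversed to recover the identifier; the masked form is enough for display.
"""
import hashlib
import hmac
import re

# Constructed secret for this example. In a deployment the key comes from a
# secret manager or environment variable, never from source control or from
# the database that holds the hashes. Without a secret key, a hash of a phone
# number is trivially brute-forced: there are only about 10^10 candidates.
PSEUDONYM_KEY = b"example-key-replace-with-a-random-32-byte-secret"


def normalize(value: str) -> str:
    """Keep digits only, so '+1 (555) 010-0100' and '15550100100' match.
    Adjust the pattern for identifiers that legitimately contain letters."""
    return re.sub(r"\D", "", value)


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, one-way replacement (HMAC-SHA256) for a sensitive identifier."""
    return hmac.new(key, normalize(value).encode("ascii"), hashlib.sha256).hexdigest()


def mask(value: str, visible: int = 4) -> str:
    """Display form: only the last `visible` digits are kept."""
    digits = normalize(value)
    if len(digits) <= visible:
        return "*" * len(digits)
    return "*" * (len(digits) - visible) + digits[-visible:]


class MinimizedUser:
    """What the User record holds instead of id_number / phone_number."""

    def __init__(self, name: str, id_number: str, phone_number: str):
        self.name = name
        self.id_number_hash = pseudonymize(id_number)
        self.id_number_masked = mask(id_number)
        self.phone_hash = pseudonymize(phone_number)
        self.phone_masked = mask(phone_number)
        # the raw id_number and phone_number are deliberately not stored

    def verify_id_number(self, candidate: str) -> bool:
        """Constant-time check that a value presented later matches the hash."""
        return hmac.compare_digest(self.id_number_hash, pseudonymize(candidate))


def register(users: list, name: str, id_number: str, phone_number: str) -> MinimizedUser:
    """Create a record, rejecting a duplicate ID number using only stored hashes."""
    new_hash = pseudonymize(id_number)
    if any(hmac.compare_digest(u.id_number_hash, new_hash) for u in users):
        raise ValueError("an account with this ID number already exists")
    user = MinimizedUser(name, id_number, phone_number)
    users.append(user)
    return user


if __name__ == "__main__":
    # constructed sample data
    table = []
    ana = register(table, "Ana", "12345678", "+1 (555) 010-0100")
    print(ana.id_number_masked, ana.phone_masked)      # ****5678 *******0100
    print(ana.verify_id_number("1234-5678"))           # True: same digits
    try:
        register(table, "Bob", "1234 5678", "+1 555 010 0199")
    except ValueError as exc:
        print("rejected:", exc)
```

The keyed hash is one-way, so this only works when the application never needs the original value back (for example, to place a call or send an SMS). In that case the column has to be encrypted at rest with a vetted library such as Fernet from the cryptography package, wrapped in a custom Django field's get_prep_value and from_db_value; an encrypted column cannot be matched by equality or LIKE, so a hash column like the one above is still what makes lookups possible.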

Compliant code

from django.db import models

class User(models.Model):
    name = models.CharField(max_length=200)
    # id_number and phone_number removed: the application does not need them

The original model stored ID numbers and phone numbers as plain CharFields, so this sensitive data sat in clear text in the database, exposed to anyone with read access to the database or to its backups.

The fixed code removes these sensitive data fields from the User model. Now, the User model only stores the user's name.

However, if you still need to store sensitive data like ID numbers or phone numbers, encrypt it before it reaches the database using a vetted library, with the encryption key managed outside the database and never hard-coded in the source. Encrypted columns cannot be searched directly, so if the application has to look records up by such a value, store a keyed hash alongside the ciphertext for matching.

Also, implement access controls to limit who can access this sensitive data. Regularly audit your code and databases to ensure sensitive data is not being stored inappropriately.

Remember, protecting user data is not just about compliance with laws and regulations, it's about maintaining user trust.
