encrypting hidden variables in JSP
We've got user SSN's in jsp's that show in source code of an html page as:
<a href="onclick:submitsomeform(123456789)"
In order to avoid this, I made couple of methods called getEncryptedSSN()
and getDecryptedSSN()
which could be called from the JSP. These methods made use of the javax.crypto
to encrypt/decry开发者_开发问答pt the ssn string, however, this import is "disallowed"
by the setup coding standards. So now I'm out of options on how to avoid showing the SSN in the view source of HTML. We can not go the route of not passing the SSN in form submit because in the DB, the SSN field is the only primary field.
Are there any other ways to simply encrypt/decrypt a string in java w/out using javax.crypto
?
Obviously, having an SSN as a primary key is bad -- but you may not be able to change this.
Have a look at this OWASP page: Insecure Direct Object References:
Preventing insecure direct object references requires selecting an approach for protecting each user accessible object (e.g., object number, filename):
- Use per user or session indirect object references. This prevents attackers from directly targeting unauthorized resources. For example, instead of using the resource’s database key, a drop down list of six resources authorized for the current user could use the numbers 1 to 6 to indicate which value the user selected. The application has to map the per-user indirect reference back to the actual database key on the server. OWASP’s ESAPI includes both sequential and random access reference maps that developers can use to eliminate direct object references.
- Check access. Each use of a direct object reference from an untrusted source must include an access control check to ensure the user is authorized for the requested object.
I have used the Access Reference Map from their ESAPI -- it was pretty straightforward. Our unique IDs were simply replaced with random strings, which were tied to a user's session.
One obvious option is to just write your own encryptian function. You probably aren't going to write something as secure as the big-time security folks have come up with, but depending on the context, something simple might be adequate, i.e. something that would frustrate the casual snooper, and accept that if the CIA or Mosad or whoever is trying to crack your encryptian, they'll figure it out in minutes. I don't know how big a target you are for hackers. If you're working for a bank or the IRS or something where lots of people might well be trying to intercept your transactions and the consequences of interception are high, forget it, you want industrial-grade security. But if you're working for Joe's Pet Care Advice Swap Forum and there's no particularly sensitive information involved other than the SSN itself, and there's no great number of enemies out to get you, a home-grown solution might be adequate.
You should be encrypting your SSN on the database side due to its sensitivity. SSN should not be stored as plain text values because they are fully visible for hacker access. Look at SONY, and the many more companies getting hacked.
I would say encrypt them in your database using database encrypt functions. I don't know what database you are targeting MySQL or Oracle or etc). You then can just use the encrypted SSN from the database. Here is a mysql reference: http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
精彩评论