
Persistence Security @ OWASP

Persistence Security Focused Application Security Pages

Persistence Application Security

When we save data, we need to think about what the lifecycle for that data should be. How and when will it be backed up? What if we need to delete data contractually? How do we balance these at-odds concerns?

Sensitive data needs to be stored in a proper way. That generally means it should be avoided where possible, encrypted when it must be stored, and never written to logs.

When we talk about persistence, we are often talking about queries. Whether these are SQL or NoSQL, allowing users to alter the structure of a query through injected input is a universal concern at this tier. User input should always be handled in such a way that it is treated only as a data value to be compared against, and never becomes part of the query text itself. In SQL, this is generally done with parameterized queries.

Resources

Support or Contact

Having trouble with the developer pages? Help us update them or [email protected] and we’ll help you sort it out. See something wrong? Get involved and help us fix it!
