Are databases hosted by third parties necessarily insecure?


Newbie question(s).

I may be building a web site for someone that might have to hold
private/sensitive data.

A possible solution is to use MySQL, with a Secure Connection (SSL?). Many
commercial web hosting companies (third parties) offer MySQL and SSL.

Does having my client's database reside on a third party server violate a
fundamental rule of security: you must control physical access to your

Or can a reasonable level of security be achieved by hosting through a
trusted web host?

Re: Are databases hosted by third parties necessarily insecure?

Mellow Crow wrote:


Honestly, my opinion on this is I would not house sensitive data on a third
party system. I just would not do it. It does not matter what the database
(or applications) are. Would the third party sign an agreement to be liable
should they get hacked and you lose your data? Would they even tell you they
were hacked, or just "sweep it under the rug"? There are way too many problems
when it comes to sensitive data and third parties. Remember only a couple
of states have laws requiring clients to get notified due to a computer

In short, private/sensitive data should reside on your system, not someone

"Trusted Computing" is a SCAM


Re: Are databases hosted by third parties necessarily insecure?

Michael Pelletier wrote:


Some example problems:

You're prompting me to think of other cases: they certainly wouldn't tell you
if they (someone in their employ) hacked into their own server.


Thanks Michael. That matches with my thinking.

Re: Are databases hosted by third parties necessarily insecure?

In a sense it depends, as does everything in the security field, on
how much you are prepared to pay and your risk profile.  What you are
proposing is similar to the IBM e-business model that they are
marketing (and other big names, but I'm most familiar with the IBM
model).  What you may lose in not physically owning your site can be
compensated for by the other services IBM can provide.  It's your
choice how you spend your dollars & the security that it buys.

There is no set of fundamental rules in security that will
automatically break your application if not followed.  Each rule is a
strong suggestion of good practice, but each rule has exceptions.  It
is the security proponent's (often difficult) job to assess the risk of
each business model against this and against the costs to determine a
most effective solution.

Re: Are databases hosted by third parties necessarily insecure?

Mellow Crow wrote:
No, you can have secure data hosted on a 3rd party site; however, the connection
should be restricted, the host should be configured to only communicate with
the web front end, and the application (web host) should be tested
extensively with something like SPI Dynamics WebInspect to ensure
applications are not susceptible to buffer overruns, etc.

The web host and data hosts should be behind a secure firewall with
ports only opened to where required.  All DB pipes need to be specific
to/from db/web host with ports aliased to odd ports.

You should add a secure socket inside the ssh or vpn shell and store
data within the DB with a high security single key algorithm.  The key
needs only to reside with the data relay host.  Keyed connectors need to
be used between the web host and relay host and between the relay host
and the db.  There are several tools that can facilitate this type of

Ideally you use a data relay host behind the web server that is only
exposed to the web server and the db host.  No live sensitive data
should be stored on the exposed web host.  The web host would only have
the specific port exposed required for transaction (typically 443). By
keeping the transient data off the exposed host and on the relay host
only as long as transmission is confirmed and checked (checksum the
encrypted data and provide the checksum in reply), you can expect reasonable
data surety.

Additionally, the contract with the DB host provider should ensure systems remain
patched with only required services run on the specific host in
question.  Communication restrictions should be ensured; specify backup
intervals and system uptime and disclosure.

MS SQL can be operated securely, but the most dangerous piece of this
scenario is the actual web host that is directly exposed.  It is not
something that should be set up by an amateur. It requires someone to
stay on top of the server, ensure patches are placed on the system
appropriately, and that applications work after the system is patched.
Communication restrictions should not only be placed via the web
application, but within the OS itself.  Like all of the other servers, it
should be configured with only the absolute minimum required services running.

You will probably want to open specific administrative pipes to the DB
server, but you will want to keep the pipes at a minimum. Because you
are running relayed keyed pipes, compromise of the web host will reduce
the likelihood that a hacker can break through to the db store.
Administrative consoles must be kept secure. By testing your applications
to ensure things like buffer overruns cannot corrupt your data chain
you reduce the likelihood the data store can be compromised.  By encrypting
the data store you reduce the likelihood that the db managers can
compromise the data as an inside job or tape loss.

While this sounds complex, it is not that difficult to implement, and
does not create significant latency.  We have servers doing over 10000
transactions per minute with no significant issues, although we host our
own db server which lives in its own DMZ segment.  By performing the
data encryption on the data relay server and redundant data check (web
server checks data first time, relay server also ensures data lengths
are appropriate).

The last piece required is IDS to alarm admins if certain activities are
occurring. And someone who is competent should review IDS logs,
firewall logs, configuration, and server logs daily.
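The relay-host hand-off described in the post above (length check on the relay, encryption under a key that lives only on the relay, checksum of the ciphertext returned to the web host), as an added Go example that is not code from any poster in this thread. It assumes AES-GCM as the "single key algorithm", SHA-256 as the checksum, and a constructed 4096-byte record limit; the transport (ssh/vpn tunnel, firewall rules) is outside the block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// maxRecordLen is an assumed application limit, checked before the key is touched.
const maxRecordLen = 4096
// Relay holds the single symmetric key; only this host ever sees it.
type Relay struct{ aead cipher.AEAD }
func NewRelay(key []byte) (*Relay, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Relay{aead: aead}, err
}
// Seal validates the length, encrypts under a fresh random nonce and returns the
// ciphertext with a SHA-256 checksum of it; the checksum goes back in the reply.
func (r *Relay) Seal(plaintext []byte) ([]byte, string, error) {
	if len(plaintext) == 0 || len(plaintext) > maxRecordLen {
		return nil, "", errors.New("relay: record length out of bounds")
	}
	nonce := make([]byte, r.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, "", err
	}
	ct := r.aead.Seal(nonce, nonce, plaintext, nil) // nonce is prefixed to the ciphertext
	sum := sha256.Sum256(ct)
	return ct, hex.EncodeToString(sum[:]), nil
}

// WebHostConfirm runs on the exposed web host: recompute the checksum over the
// ciphertext handed to the relay, and only on a match discard the transient copy.
func WebHostConfirm(ct []byte, checksum string) bool {
	sum := sha256.Sum256(ct)
	return hex.EncodeToString(sum[:]) == checksum
}

func main() {
	relay, _ := NewRelay(make([]byte, 32)) // constructed all-zero key, demo only
	ct, sum, err := relay.Seal([]byte("constructed sample record"))
	println(err == nil && WebHostConfirm(ct, sum)) // prints true
}
```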
