Web to Database Connection Standard
Purpose
This standard defines the appropriate practices for connecting a web application to a database.
Brief Description
Connections from web pages and applications to databases are an important aspect of providing dynamic content to users. Web Services strives to maintain the integrity of its web servers and all systems with which they interact. To achieve this, certain principles of operation govern these connections.
Details
Databases provide much of the power behind dynamic content for web pages and applications. They also provide new vectors for web site compromise. The following principles apply to all database connections made from web pages and applications hosted on Web Services’ systems:
Supported Database Types
- Web Services supports connections to the following Purdue-IT-administered databases:
  - Microsoft SQL Server
  - Oracle
  - MySQL
- Connections to non-Purdue-IT-administered databases may work, but are not supported.
- Databases stored on web servers (e.g. Microsoft Access) are strictly prohibited!
Security Requirements
- Database connections to Purdue-IT-administered databases must be encrypted. All other database connections should be encrypted whenever possible, and in some cases must be encrypted depending on data classification.
- Database passwords shall never be put in email, tickets, or any other unencrypted written electronic communication in compliance with University policy and associated best practices documents. Passwords may only be communicated over the phone, in person, or using another University-approved method.
- Web Services will not provide database password information to anyone. The developer must contact the Database Administrator, Data Steward, or Database Owner for this information.
- Efforts must be made to guard against SQL injection and other web-to-database attack vectors. Vulnerability scanning software is available from Purdue System Security (PSS) for use in identifying and correcting such vulnerabilities before code is deployed to production.
Connection Definition Best Practices
- Database connections should use a separate account dedicated to web access. This account should have minimal privileges in the database.
- Open connection interfaces (such as ODBC and JDBC) are recommended where supported. Some of these interfaces use Data Source Name (DSN) definitions that are managed by Web Services and can be created or changed upon request.
- Developers may choose to use alternative connection interfaces provided by their chosen programming language. If so, all information related to the connection to the database is the responsibility of the developer. Web Services does not manage these connection definitions.
- Whenever the platform allows, files containing database credentials or other sensitive details should be stored outside of the web document tree to prevent inadvertent exposure of the information they contain. Web Services provides (or will provide on request) a DATA directory specifically configured outside the web document tree that is still accessible to web applications and can be referenced by the site.
- Certain configuration files containing database connection information, such as IIS’s web.config and WordPress’s wp-config.php, must reside in the web document tree but are protected by other application security measures. Such applications, if not already scanned for vulnerabilities, should be scanned prior to deployment to production to ensure the built-in safeguards work as designed.
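A pre-deployment check for the credential-file placement practice above, as an added example that is not part of the original standard or any Web Services tooling. The function names, the `htdocs` directory name and the sample files are hypothetical; the check assumes a Unix-like host with POSIX permission bits.

```python
import os
import stat
import tempfile
from pathlib import Path


def _is_under(path, root):
    return path == root or root in path.parents


def check_credential_file(cred_path, docroot):
    """Return findings for one credentials file; an empty list means OK."""
    findings = []
    root_real = Path(os.path.realpath(docroot))
    # Test the path as written and the path after symlink resolution:
    # a link in either direction can place the secret in the served tree.
    as_written = Path(os.path.abspath(cred_path))
    resolved = Path(os.path.realpath(cred_path))
    if (_is_under(as_written, Path(os.path.abspath(docroot)))
            or _is_under(resolved, root_real)):
        findings.append("inside web document tree")
    if not resolved.is_file():
        findings.append("missing or not a regular file")
        return findings
    # POSIX permission bits (assumption: Unix-like host).
    if resolved.stat().st_mode & stat.S_IROTH:
        findings.append("world-readable")
    return findings


def demo():
    """Check three paths in a constructed site layout under a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = Path(tmp, "htdocs")   # constructed document tree
        data = Path(tmp, "DATA")        # constructed DATA directory
        docroot.mkdir()
        data.mkdir()
        good = data / "db.ini"
        good.write_text("[db]\n")
        os.chmod(good, 0o600)
        bad = docroot / "db.ini"
        bad.write_text("[db]\n")
        os.chmod(bad, 0o644)
        link = data / "linked.ini"
        link.symlink_to(bad)  # looks safe, but resolves into the docroot
        cases = (("data", good), ("docroot", bad), ("symlink", link))
        return {name: check_credential_file(p, docroot) for name, p in cases}
```

Files that must live in the document tree, such as web.config and wp-config.php, will be reported by this check and are covered by the vulnerability scan requirement instead.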
Roles and Responsibilities
- Data Stewards and Database Owners are the authorizing contacts for connections from web applications to databases.
- Database Owners are responsible for requesting new databases unless the database is required by a Web Services hosting platform (i.e. WordPress).
If the above principles conflict in any way with the policies and standards of Purdue University, the Data Steward, the Database Owner, or the Database Administrator, the stricter shall prevail.