DEV Community

Discussion on: What are some fundamentals of security every developer should understand?

Collapse
 
dmerand profile image
Donald Merand

The less data you store, the fewer security hazards you expose yourself to, and the safer your participants will be. Don't hoard data on the theory that it'll become useful - only save what you need, and question yourself every time you get into a situation where you think you need it.

If you must store data, especially sensitive data, don't ever store it in plain-text! Look into hashing algorithms like bcrypt.

Always give your participants the option to delete their data, and actually delete it when they ask you to.

Collapse
 
jjmpsp profile image
Joel Murphy

In Europe we must comply to GDPR which is coming into practise in the next few months. We’ve had to implement what you mentioned on every single system which holds more than one piece of identifying information about a user.

Collapse
 
dmerand profile image
Donald Merand

So it's not just a good idea, it's the law ;)

Collapse
 
namirsab profile image
Namir

What did you do, just hash or encrypt everything? We are facing the same right now.

Thread Thread
 
jjmpsp profile image
Joel Murphy

Not everything, just database tables containing personally identifiable information. You’ll want to encrypt this information rather than hash it, as you’ll more than likely need to retrieve it at a later date. Here is a good read which explains the legislation in more detail: techblog.bozho.net/gdpr-practical-...

Collapse
 
khophi profile image
KhoPhi

Always give your participants the option to delete their data, and actually delete it when they ask you to.

I agree. The idea of soft-deletes irks me. My personal data isn't a line in a log file which one would wanna keep for as long as possible.

I created an account, said my name is Rexford. Now I'm leaving, and say, delete that data, and then soft-deletes it?

It's so crazy of an approach not sure why it still exists.