With international Data Privacy Day upon us, now is a good time to review how data is protected and kept private by the services and products that you use. In particular, databases and the software products that access them should be scrutinized for their attention to security. The SymmetricDS project, the open source data replication software where I contribute both my time and code, recognizes how important it is to protect data. To help bring awareness to the security and integrity of data, let’s review some essential features in SymmetricDS that make it secure software for databases.
Encryption
Encryption protects data by encoding it in a way that only someone with authorization can access it. SymmetricDS uses encryption when it accesses the database, extracts changes, and sends them across the network. With the unlimited strength policy is installed, it can use encryption considered to be strong, such as AES-256 and TLS 1.2 with 256-bit AES-GCM. To start with, the credentials used to access the database are encrypted in a file accessible only to SymmetricDS. The database connection itself can use encryption with a driver setting on most platforms. When changes are extracted from the database, they are stored in a staging area that can be compressed and encrypted. To send the changes to a remote database, it uses encrypted web protocols.
Authentication
Authentication is the act of verifying the true identity of a person or process. With authentication, we can protect who has access to data. Before SymmetricDS can replicate data with a remote node, it must send its node ID and password to prove its identity. When a user accesses the replication web console (included with SymmetricDS Pro), they must login with a user ID and password. User roles determine what screens the user can view and if they can make changes. Passwords are stored as one-way hashes, expire periodically, have a minimum length, and must meet entropy guidelines. The security is layered, with the service itself using its own account, as well as a separate account to the database.
Integrity
Another form of data protection is ensuring the integrity of data — that data is replicated exactly with no loss. SymmetricDS uses transactions in the database to guarantee data is committed along with its status. If the network or power is lost, the transaction is rolled back, and it will be tried again. The order of changes and how they commit together is also preserved, so changes are played back the same way on the target database. By using transactions, the system guarantees delivery of data that has integrity.
Secure Coding
The development team follows secure coding practices, scans for vulnerabilities, and reviews code together. One of the most well known resources we use is the Open Web Application Security Project (OWASP) community, who provide free documentation, guides, and tools for making code secure. We also use tools that perform static code analysis, like FindBugs Sec, and scan for vulnerabilities, like Nessus, to help automate code auditing. Last but not least, we review code together, which not only helps identify security issues, but improves the quality of code.
The SymmetricDS team uses software technologies and coding practices to keep data secure and protected. If you work with data, let this holiday be the impetus to learn how to handle and protect it!
