Personal Data and Enhancing Application Security.

Myra Jarenga
Published in OSINT for all
Aug 2, 2023

Introduction

In today’s digital age, the protection of personal data is of utmost importance. Whether you’re a developer or a non-technical individual, understanding how to handle sensitive information, secure passwords, and authenticate to databases is crucial to ensure the privacy and security of users. Let’s walk through the fundamental concepts of Personally Identifiable Information (PII), non-Personally Identifiable Information (non-PII), logging, password encryption, and database authentication with clear examples and explanations.

1. Personally Identifiable Information (PII)

Personally Identifiable Information (PII) refers to any data that can be used to identify an individual. Examples of PII include names, addresses, phone numbers, email addresses, and social security numbers. As developers, we must be cautious not to inadvertently expose or store PII in an unsafe manner, as it can lead to severe privacy breaches and identity theft.

2. Non-Personal Identifiable Information

What is non-PII? Non-personally identifiable information (non-PII) is data that cannot be used on its own to trace or identify a person.

Examples of non-PII include, but are not limited to:

  • Aggregated statistics on the use of a product or service
  • Partially or fully masked IP addresses

3. Implementing a Log Filter to Obfuscate PII Fields

Logging is a valuable tool for understanding what’s happening in our applications. However, it’s essential to avoid logging sensitive information like PII in plaintext. To address this, we can implement a log filter that obfuscates PII fields before logging them.

Let’s see how this works with a Python example:

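    import logging
    import re

    class PIIFilter(logging.Filter):
        def __init__(self, fields_to_obfuscate):
            super().__init__()
            self.fields_to_obfuscate = fields_to_obfuscate

        def filter(self, record):
            # Render the message first so values passed as logging args are covered too
            message = record.getMessage()
            for field in self.fields_to_obfuscate:
                # Mask everything after "field=" up to the next space, comma or semicolon
                pattern = '(' + re.escape(field) + r'=)[^\s,;]*'
                message = re.sub(pattern, r'\1***', message)
            record.msg = message
            record.args = None
            return True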

logging is a module in the Python standard library, so we import it first. In this example, the PIIFilter class takes a list of field names to obfuscate. When applied to a log record, it searches the message for the specified fields and replaces their values with asterisks (*). This way, we can log useful information without exposing sensitive data.
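Where the filter is attached matters: a filter added to a logger is not applied to records that arrive from its child loggers, while a filter added to a handler sees every record that handler writes. The following is an added example, not code from the original post; the MaskFields class, the logger names and the sample records are constructed for illustration, and it assumes a value ends at whitespace, a comma or a semicolon.

```python
import io
import logging
import re

class MaskFields(logging.Filter):
    """Mask the value of every 'field=value' pair for the listed fields."""

    def __init__(self, fields):
        super().__init__()
        names = "|".join(re.escape(f) for f in fields)
        # Assumption: a value ends at whitespace, ',' or ';'
        self._pattern = re.compile(r"\b(" + names + r")=[^\s,;]*")

    def filter(self, record):
        # getMessage() merges %-style args, so PII passed as an argument is masked too
        record.msg = self._pattern.sub(r"\1=***", record.getMessage())
        record.args = None
        return True

def build_logger(name, fields, attach_to):
    """Return (logger, stream); attach_to is 'handler' or 'logger'."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(name)s %(message)s"))
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    target = handler if attach_to == "handler" else logger
    target.addFilter(MaskFields(fields))
    return logger, stream

def demo(attach_to):
    """Log one record on the parent and one on a child logger; return the output lines."""
    logger, stream = build_logger("app_" + attach_to, ["email", "ssn"], attach_to)
    # Constructed sample records
    logger.info("login email=%s ip=10.0.0.5", "a@example.com")
    # A child's records reach the parent's handlers but bypass the parent logger's filters
    logging.getLogger("app_" + attach_to + ".db").info("row ssn=123-45-6789;ok")
    return stream.getvalue().splitlines()

if __name__ == "__main__":
    print(demo("logger"))   # the child logger's ssn leaks
    print(demo("handler"))  # both records are masked
```

Attaching the filter to every handler is therefore the safer default when the application uses a hierarchy of loggers.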

4. Password Encryption and Validation

Passwords are essential for user authentication, and we must store them securely to prevent unauthorized access. One way to achieve this is to store a salted hash of each password instead of the password itself, which is what is commonly (if loosely) called password encryption.

Let’s explore how to do this with the bcrypt package in Python:

    import bcrypt

    def encrypt_password(password):
        # A fresh random salt is generated per password and stored inside the hash
        salt = bcrypt.gensalt()
        hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
        return hashed_password.decode('utf-8')

    def validate_password(input_password, hashed_password):
        # checkpw re-hashes the input with the salt embedded in hashed_password
        return bcrypt.checkpw(input_password.encode('utf-8'), hashed_password.encode('utf-8'))

In this example, the encrypt_password function takes a plaintext password, generates a salt, and then hashes the password with bcrypt. The validate_password function takes an input password and a hashed password, then checks if they match.

5. Authenticating to a Database Using Environment Variables

Database credentials are sensitive pieces of information that should not be hardcoded in the source code. Instead, we can use environment variables to store them separately, adding an extra layer of security.

Let’s see how we can do this using the os module, which we import first.

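    import os

    def connect_to_database():
        # Read the credentials from the environment instead of the source code
        db_username = os.environ.get('DB_USERNAME')
        db_password = os.environ.get('DB_PASSWORD')
        # Fail early with a clear error if either variable is missing or empty
        if not db_username or not db_password:
            raise RuntimeError('DB_USERNAME and DB_PASSWORD must be set')
        # Example: connect to the database using retrieved credentials
        # db.connect(username=db_username, password=db_password)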

In this example, the connect_to_database function retrieves the database credentials from environment variables and uses them to authenticate to the database. This way, even if someone gains access to the source code, they won't be able to see the actual credentials.
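Once the credentials are read from the environment, they should also stay out of logs and error output. The following added example (not from the original post) loads DB_USERNAME and DB_PASSWORD, reports missing variables by name only, hides the password from repr(), and percent-encodes both values when building a connection URL; DbCredentials, load_credentials, the DB_HOST variable, the postgresql:// scheme and the database name app are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field
from urllib.parse import quote

@dataclass(frozen=True)
class DbCredentials:
    username: str
    password: str = field(repr=False)  # keep the secret out of repr(), tracebacks and logs
    host: str = "localhost"

    def url(self):
        # Percent-encode so '@' or '/' inside a value cannot change the URL's structure
        user = quote(self.username, safe="")
        secret = quote(self.password, safe="")
        return "postgresql://{}:{}@{}/app".format(user, secret, self.host)

def load_credentials(env=os.environ):
    """Read the credentials from a mapping (the process environment by default)."""
    missing = [name for name in ("DB_USERNAME", "DB_PASSWORD") if not env.get(name)]
    if missing:
        # Name the missing variables, never echo any values
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return DbCredentials(env["DB_USERNAME"], env["DB_PASSWORD"],
                         env.get("DB_HOST", "localhost"))

if __name__ == "__main__":
    # Constructed sample environment
    sample = {"DB_USERNAME": "svc_app", "DB_PASSWORD": "p@ss/w0rd"}
    creds = load_credentials(sample)
    print(creds)        # the password field is not shown
    print(creds.url())  # pass to the driver; do not log it
```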

In Conclusion.

Understanding how to handle and implement these concepts is vital for every developer. By following these best practices, you can ensure the privacy and security of your users’ data and enhance the overall security of your applications.

NB. Always be mindful of the data you handle and adopt these practices in your projects. Implementing security measures from the outset can save you from potential data breaches and protect the trust of your users. Happy coding and stay secure!

Below are references to the resources that helped me in understanding these concepts. If you would like to connect with me, you can do so on LinkedIn (Myra Jarenga); you can also send me a DM on Twitter @myrajarenga for us to chat more on this topic. You can support me by following me on this blog. Thank you.

References.

Personally identifiable information: PII, non-PII & personal data (piwik.pro)

logging — Logging facility for Python — Python 3.11.4 documentation

pyca/bcrypt: Modern(-ish) password hashing for your software and your servers (github.com)

https://youtu.be/-ARI4Cz-awo
