November 1, 2019  by

System Design Tip 1 – Exposing production data

Should you expose production data, to make user’s lives easier?

Exposing production data is a dilemma I come across when designing front-end applications. It can make your user’s lives easier and yield better data. Though it does have some security risks that need to be considered.

 

Example

You are designing a car insurance online application form. The form asks the customer for their membership number, to help process their application faster. There are a few logical options you could take to help the user fill in the form.

 

Option 1: You could make the membership number field a free text field, with minimal validation. The staff member would need to manually check to see if the membership number is correct after submission. You could not guarantee that the membership number is correct every single time or it’s even their number.

 

Option 2: You could make the membership number a look-up field. Which makes a query to the membership database. Then cross checks the surname and if found confirms the number as existing/valid. The staff member could be assured the membership number is legitimate. The system could even go so far as pre-populate some data for the user (postal address, DOB, contact number etc).

 

Option 3: You could put a format validator on the membership field. Ensuring the membership number is potentially theirs, correct and valid. Yet, no guarantee can be made that it is still active or it is the users correct membership number.

 

The obvious risk with option 2 is that there is a potential security risk. Sensitive data could be exposed when querying a database. Alone, these account numbers might not be able to be used to commit fraud. However, it does mean for both the user and the staff member they get good quality data. This means fast processing time for the customer and good quality data in the system.



Counter argument

A good counter argument for exposing production data, would be the card validation checks for VISA and MasterCard. These companies perform a format check on the credit card number. They query their production data sources to see if the card is real. The combination of card number, expiry date and CVC are enough to protect them from hackers from brute force attacks. However, brute force attacks on an eight digit membership or account number, wouldn’t be as difficult. And thus, poses a security risk.

 

Questions to ask yourself

There are security risks that should be considered. The questions to ask oneself include:

  1. What could a potential hacker do with that information?
  2. What combination of information does a hacker need to achieve POI (proof of identity) or access to the customer’s account?
  3. Can we perform a format check instead of a database query?
  4. Do the benefits outweigh the risks? The below diagram will help with risk assessment.

Risk matrix

My tips

  1. Where the security risk is low make efforts to ensure you capture quality data. This might mean exposing your database to queries about customer account details.
  2. Try validating based on object formatting instead of on production data.
  3. Find the balance between strong security and good user experience. With security being the number one priority.

in Software Design 0 comments