Sensitive information sent insecurely - Python

Sensitive information sent insecurely - Python

Need

Secure transmission of sensitive information

Context

  • Usage of Python 3 for scripting and software development
  • Usage of Django for building web applications in Python

Description

Non compliant code

        from django.http import HttpResponse
from django.views import View

class SensitiveInfoView(View):
    def get(self, request):
        sensitive_info = "This is some sensitive information"
        return HttpResponse(sensitive_info)
        
        

In this Django view, we are sending sensitive information back to the client in the form of a HTTP response. This is vulnerable because the information is sent in clear text over the network, which means that it can be intercepted and read by anyone who is able to capture the network traffic. This is a violation of confidentiality and integrity as the data could be read, modified, or stolen by malicious actors.

The SensitiveInfoView class has a get method which is invoked when a GET request is made to the server. The sensitive information is stored in the sensitive_info variable and is then included in the HTTP response using the HttpResponse class. This response is then sent back to the client, potentially exposing the sensitive information.

This code does not use any form of encryption or secure transmission method (like HTTPS) to protect the sensitive information during transit. This means that the data is vulnerable to 'man-in-the-middle' attacks where the attacker intercepts the network traffic and gains access to the sensitive information.

Steps

  • Use HTTPS instead of HTTP to ensure the data is encrypted during transmission.
  • Use Django's built-in security features to protect sensitive data. For example, use the `@sensitive_post_parameters()` decorator to ensure that the specified POST parameters are not logged.
  • Consider using Django's `HttpResponseRedirect` to redirect to a secure page after handling sensitive data.
  • Avoid sending sensitive data in a GET request. Instead, use POST requests which are more secure.
  • Use Django's session framework to store sensitive data on the server side instead of sending it to the client side.
  • Consider using Django's CSRF protection to prevent cross-site request forgery attacks.

Compliant code

        from django.http import HttpResponseRedirect
from django.views import View
from django.views.decorators.csrf import csrf_protect
from django.views.decorators.debug import sensitive_post_parameters
from django.contrib.sessions.backends.db import SessionStore

class SensitiveInfoView(View):
    @sensitive_post_parameters('sensitive_info')
    @csrf_protect
    def post(self, request):
        s = SessionStore()
        s['sensitive_info'] = "This is some sensitive information"
        s.save()
        return HttpResponseRedirect('/secure_page')
        
        

The updated code now uses Django's built-in security features to protect sensitive data.

1. The @sensitive_post_parameters('sensitive_info') decorator is used to ensure that the specified POST parameters are not logged. This decorator will replace the value of the specified parameters with stars ('*') in any error reports that Django generates.

2. The @csrf_protect decorator is used to add cross-site request forgery protection to the view. This ensures that the POST request must come with a valid CSRF token, preventing cross-site request forgery attacks.

3. The sensitive information is now stored in a server-side session using Django's session framework, instead of being sent in the HTTP response. The SessionStore class is used to create a new session, store the sensitive information in it, and save the session. The session ID is sent to the client in a secure cookie, and the client sends back the session ID in subsequent requests to access the session data.

4. The HttpResponseRedirect function is used to redirect the client to a secure page after the sensitive data has been handled. This ensures that the sensitive data is not sent in the HTTP response.

5. The sensitive data is now sent in a POST request instead of a GET request. POST requests are more secure because the data is included in the body of the HTTP request, not in the URL.

By following these steps, the system now ensures the confidentiality and integrity of the sensitive information it handles.

References