Last week, security firm Appthority published a report titled HospitalGown: The Backend Exposure Putting Enterprise Data at Risk, which described newly discovered exposures of enterprise data in the backend databases that mobile apps talk to. The vulnerability lies not in the app's code but in the application developers' failure to secure the backend servers with firewalls and authentication, so the data those servers hold can be reached without credentials.
Appthority cited a number of exposures on multiple backend platforms, with an early iteration of the report mentioning Couchbase. However, after subsequent review, researchers realized the inadvertent inclusion and offered the following statement to Couchbase:
"While our research team did analyze Couchbase servers found in the wild, we found that they all required authentication … Couchbase was listed inaccurately when a CouchDB hosting provider was meant instead."
That authentication requirement is the one my colleague Wayne Carter wrote about in a previous blog post, Solving Distributed Data Security Challenges with Couchbase Mobile.
Security is a forethought at Couchbase: something we build in at the outset rather than tack on as an afterthought. Building it in this way also takes the onus off the developer.
On the authentication side, we support pluggable authentication, including out-of-the-box support for popular public login providers such as Facebook and for standard OpenID Connect (OIDC) providers. Developers can also write their own custom provider. Access to the system can be restricted to successfully authenticated users, or anonymous users can optionally be allowed.
But wait, there’s more.
As Wayne wrote previously, users expect apps to always work, with or without an internet connection. Delivering on that expectation requires accessing and storing decentralized data directly on the device. Managing decentralized data introduces a number of security risks that are critical to manage, which is exactly what the Appthority researchers found. In addition to user authentication, there are four other key security concerns when working with data storage and transport:
- Data read/write access
- Data transport over the wire
- Data storage on the device
- Data storage in the cloud
Couchbase Mobile addresses each of these concerns.
- For data read/write access, there are fine-grained policy tools for controlling data access for individual users and roles. Read access is controlled at the document level, and write access at the field level.
- For data transport over the wire, data in motion is protected with TLS.
- For data storage on the device, data at rest is protected by the device's built-in file system encryption and by 256-bit AES full-database encryption.
- For data storage in the cloud, Couchbase Server can be configured to use file system encryption for data at rest.
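The document-level read control and field-level write control listed above are implemented in Sync Gateway's sync function, and the authentication checks described earlier show up there as requireUser and requireRole calls. The following is an added example written for this post, not Couchbase's own code: a sync function for a constructed "record" document type, plus a small harness that emulates how Sync Gateway invokes it so it runs offline. The helper names channel(), access(), requireUser(), requireRole() and the throw({forbidden: ...}) convention are the sync-function API; the document fields (type, patientId, owner, readers, notes, diagnosis), the user accounts and the "clinician" role are assumptions made for the example, and the harness is not Sync Gateway itself.

```javascript
// Added example, not Couchbase's own code: a Sync Gateway sync function that
// enforces document-level read access and field-level write access, plus a
// harness that emulates how Sync Gateway invokes it so it runs offline.
// channel(), access(), requireUser(), requireRole() and throw({forbidden: ...})
// are the real sync-function API; the document shape and users are constructed.

// Kept as a string because that is how the "sync" property of a Sync Gateway
// database config carries the function.
const SYNC_FN_SOURCE = `function (doc, oldDoc) {
  if (doc._deleted) {            // tombstone: only the previous owner may delete
    requireUser(oldDoc.owner);
    return;
  }
  if (doc.type !== "record") {   // deny by default: unknown types are rejected
    throw({forbidden: "unknown document type"});
  }
  if (oldDoc === null) {         // creation: the writer must be the named owner
    requireUser(doc.owner);
  } else {                       // update: owner or clinician; identity frozen
    var isOwner = true;
    try { requireUser(oldDoc.owner); } catch (e) { isOwner = false; }
    if (!isOwner) { requireRole("clinician"); }
    if (doc.owner !== oldDoc.owner || doc.patientId !== oldDoc.patientId) {
      throw({forbidden: "owner and patientId are immutable"});
    }
  }
  // Field-level write control: only the clinician role may change "diagnosis".
  if (doc.diagnosis !== (oldDoc ? oldDoc.diagnosis : undefined)) {
    requireRole("clinician");
  }
  // Document-level read control: one channel per patient, granted to the owner
  // and the listed readers; no one else can pull this document.
  var ch = "patient-" + doc.patientId;
  channel(ch);
  access(doc.owner, ch);
  if (doc.readers) { access(doc.readers, ch); }
}`;

// user is {name, roles} for a request on the public port, or null for the admin
// port, where requireUser/requireRole are no-ops, as they are in Sync Gateway.
function runSync(doc, oldDoc, user) {
  const out = { channels: [], access: {} };
  const list = (x) => (Array.isArray(x) ? x : [x]);
  const channel = (c) => list(c).forEach((n) => out.channels.push(n));
  const access = (who, c) => list(who).forEach((u) => {
    out.access[u] = (out.access[u] || []).concat(list(c));
  });
  const requireUser = (names) => {
    if (user !== null && list(names).indexOf(user.name) === -1) {
      throw({forbidden: "wrong user"});
    }
  };
  const requireRole = (roles) => {
    if (user !== null && !list(roles).some((r) => user.roles.indexOf(r) !== -1)) {
      throw({forbidden: "missing role"});
    }
  };
  // Compile the stored source with the helpers visible as free variables.
  const fn = new Function("doc", "oldDoc", "channel", "access", "requireUser",
    "requireRole", "return (" + SYNC_FN_SOURCE + ")(doc, oldDoc);");
  try {
    fn(doc, oldDoc, channel, access, requireUser, requireRole);
    return { ok: true, channels: out.channels, access: out.access };
  } catch (e) {
    if (e && e.forbidden) { return { ok: false, reason: e.forbidden }; }
    throw e; // a bug in the sync function, not a policy rejection
  }
}

// Constructed users and document (not real data).
const alice = { name: "alice", roles: [] };          // patient, owner
const bob = { name: "bob", roles: ["clinician"] };   // clinician, listed reader
const mallory = { name: "mallory", roles: [] };      // unrelated user
const record = { _id: "rec1", type: "record", patientId: "p42",
  owner: "alice", readers: ["bob"], notes: "checkup" };
const edited = (changes) => Object.assign({}, record, changes);

function demo() {
  return {
    create: runSync(record, null, alice),
    hijack: runSync(edited({ notes: "pwned" }), record, mallory),
    ownerEdit: runSync(edited({ notes: "follow-up" }), record, alice),
    ownerDiagnosis: runSync(edited({ diagnosis: "flu" }), record, alice),
    clinicianDiagnosis: runSync(edited({ diagnosis: "flu" }), record, bob),
    rekey: runSync(edited({ owner: "mallory" }), record, alice),
    adminDiagnosis: runSync(edited({ diagnosis: "flu" }), record, null),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it shows the policy from the list above in action: Mallory's write to Alice's record is rejected with "wrong user"/"missing role", Alice can change her own notes but not the diagnosis field, Bob can set the diagnosis because of his role, nobody on the public port can reassign owner or patientId, and only Alice and Bob are granted the patient-p42 channel, so only they can replicate the document. The "owner or role" branch relies on requireUser throwing a catchable error, which is how Sync Gateway implements it. The anonymous-access switch mentioned earlier lives in the same database config rather than in the sync function: disabling the GUEST user ("users": {"GUEST": {"disabled": true}}) means every request on the public port must carry credentials before the sync function is ever consulted.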
Couchbase Mobile makes it easy to manage data across the entire network and application stack. That includes storing, accessing, syncing, and securing it everywhere: in the cloud and on phones, tablets, the web, TVs, cars, and more.
Where the hospital gown leaves the back exposed, Couchbase Mobile zips it up: we have our customers' backs.