Application Code and Input Data Don’t Mix
May 5, 2009
It has been a long, long time that I have wanted to write this post.
But I couldn’t. Quite simply, what had been done was so damned dangerous that I did not even want to mention it; until it was fixed.
Happy to say! It is finally complete.
There are many industries that publish and subscribe to what we call data feeds. These could be market data feeds, financial data feeds, any data that you write a bit of application code to receive and place into some context within your organization.
In our case, some of our suppliers crunch boatloads of data in mainframe computers, and pack it up and ship it to our servers. Our development team then has programming code to read that data feed information and update records in various databases.
Now, in order to dump that raw data on our servers, these suppliers need a key (user ID and password) to a piece of my IT server house.
At some time in the past some of our developers put the programming code that grabs that data,tweaks it, beats it up, and squishes it into a database in the same location that the supplier was placing the data.
And Why is this a problem?
Thanks for asking! Let me show you!
I mentioned that to put that data on the server, the suppliers needed a user ID and password, plus the ability to write data into that area. In other words, they have a key to the house.
Imagine that our programming code runs automatically at 3 AM each and every day, and is called PROCESS_DATA_FEED.EXE, this little program does the following;
step 1: check to see if data feed has arrived
Step 2: If data feed has arrived then;
Step 3: squish the data into a database
Now – because that supplier has the key to my house, accidentally, or maliciously, they (or any one) could put anything on that server.
I write a program that does the following;
Step 1: Delete all data it can find
Step 2: go to hacker IP address and download malicious virus or trojan software
And imagine that I call that program the same name, PROCESS_DATA_FEED.EXE – and then I replace the real program on my server.
When that program automatically runs at 3 AM…….
The SMB Takeaway
There is a reason our mailboxes are on the outside of our houses.
When you need to open a mailbox to receive this type of data – keep any application code outside that mailbox. Somewhere that only you have the keys.
You can get updates to this blog by clicking the RSS icon on the Home Page!