Information security

Some of the information on your Web site may need to be stored securely. You should pay particular attention to the way this information is stored. The first step is to decide exactly which information needs special attention.

General personal information

If you store personal information about other people, then (apart from your legal responsibilities, for example under the Data Protection Act in the UK) you should consider the importance of that information.

For example, a person's name is generally not particularly critical information. But if you provide a confidential resource, such as information about homosexuality, it could be catastrophic if that information is revealed.

Credit card details

Credit card details always need to be treated with the utmost care. There are many examples of sites which have lost large numbers of credit card details; the cards are then used for fraud. In a famous example, the site 'CD Universe' had hundreds of thousands of credit card details stolen; these details were posted to the Internet.

Secure site information

Some sites may include information that is held on the site's own behalf, not for users, but which is nevertheless security-critical. For example, a company Web site might contain financial information about the company which should not be visible outside the company.