Skip to content

b4rtaz/anti-data-leak-pattern-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

admin-client

admin-client

 
 

credit-card-charging-service

credit-card-charging-service

 
 

images

images

 
 

user-client

user-client

 
 

web-service

web-service

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

database.sql

database.sql

 
 

Repository files navigation

Anti Data Leak Pattern

This repository is an example project for the article "Anti-Data-Leak Pattern for Web Services".

(...) Current cloud services look similar; each has a database, which stores every sensitive data in plain text, credit card numbers, PIN codes, or personal ID numbers. To get all of this information, hackers must gain access to the database. Of course, this isn’t easy, but if they achieve it, they have every information that people sent to the service. The next significant weakness of this architecture is that many people can access the infrastructure. Developers, network administrators, back-up team, or cleaning staff, have access to the server. That gives thousands of attack vectors.

With the help of asymmetric cryptography, we can prevent many attack vectors, and make the theft of database resistant to data leak. (...)

📰 Read the full article here

user-client tested on:

Installation

  • Install Apache + MariaDB + PHP 7.3+ (e.g. XAMPP).
  • Install/activate GMP extension for PHP.
    • For XAMPP you should uncomment the line ;extension=gmp in ~/xampp/php/php.ini.
  • Install Composer.
  • Install NodeJS.
  • Install Angular CLI.
    • npm install -g @angular/cli
  • Download this repo to ~/htdocs/anti-data-leak-pattern folder.
  • Create a empty database anti-data-leak-pattern.
  • Import the database structure from the file database.sql.
    • mysql -u USERNAME -p anti-data-leak-pattern < database.sql
  • Install web-service dependencies.
    • cd web-service
    • composer install
  • Set your database user/password in web-service/settings.php.
$settings = [
    # ...
    'db' => [
        'dsn' => 'mysql:host=localhost;dbname=anti-data-leak-pattern',
        'username' => 'USERNAME',
        'password' => 'PASSWORD'
    ],
    # ...
];
  • Install admin-client dependencies.
    • cd admin-client
    • composer install
  • Install user-client dependencies and build the client.
    • cd user-client
    • npm install
    • npm run ng build

Run

To run user-client open the web browser and put the address: https://localhost/anti-data-leak-pattern/user-client/dist/.

  • If you have a certificate error you can ignore it. But remember, on the production you must have a valid SSL certificate!

To run admin-client enter:

  • cd admin-client
  • php admin-client.php
  • If you have a certificate error (SSL certificate problem: self signed certificate) you can disable SSL verification. Set verifySSL to false in admin-console/settings.php. But remember, on the production you must have a valid SSL certificate!

License

This project is released under the MIT license.

About

Example project of the Anti-Data-Leak Pattern.

Topics

cryptography-project cryptography-concepts

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages