
Encrypt All Sensitive Data

by Serge Truth on May 12, 2011

What to Do

Encrypt all sensitive data.

Why

Sensitive user data can be compromised if stored in plaintext. Unauthorized access by users or attackers can lead to information disclosure.

When

All sensitive data should be encrypted.

How

To encrypt all sensitive data:

  1. Identify sensitive information. Sensitive data is any information that is kept secret and should be disclosed only to authorized parties. Common examples of sensitive data include, but are not limited to, names of customers, government-issued ID numbers, credit card and other financial information, passwords, and private keys. Sensitive data can be defined as follows:

    • Information that either contains personally identifiable information or that can be used to derive personally identifiable information that should not be shared with others.
    • Information that a user provides that they would not want shared with other users of the application.
    • Information that comes from an external trusted source that is not designed to be shared with users.
    • Some industries, such as health care and banking, have regulatory standards that define sensitive information. If any regulatory requirements apply to your application that define sensitive data, use those definitions.
  2. Determine if storage is required. The safest thing to do with sensitive information is not store it at all. Examine how much information is stored in each case and how long that information is stored for. Determine whether the information needs to be stored. Any information being stored that does not need to be should be purged and the application should be rewritten to discontinue storage of the unnecessary information. When sensitive information must be stored, establish policies about purging it from both primary and backup storage, and ensure that they are followed. Be careful when using caches.

  3. Store sensitive data securely. Choose the appropriate cryptographic mechanism for securing sensitive data and implement it.

    • Hashing. Hashing is appropriate for storing passwords. If your application stores passwords, hash and salt them for storage. It is recommended to use platform-specific authentication controls for handling password storage. If custom authentication controls are required, passwords should be hashed and salted for storage. Hashing is not very useful for securing information other than passwords.

    • Encryption. Encryption is useful for storing all types of information other than passwords. AES-256 should be used to secure sensitive data that needs to be stored. AES-256 is implemented in the System.Security.Cryptography namespace.
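
The two mechanisms from step 3, shown as an added example that is not from the original article: AES-256 through the `AesGcm` class in `System.Security.Cryptography`, and a salted password hash through PBKDF2. It assumes .NET 8 or later; the class name, blob layout, iteration count and sample values are assumptions made for illustration, and the choice of GCM mode and PBKDF2 is this example's, not the article's.

```csharp
// Added example, not from the original article. Assumes .NET 8 or later.
using System;
using System.Security.Cryptography;
using System.Text;
public static class SensitiveDataStore // hypothetical class name
{
    const int NonceSize = 12, TagSize = 16, SaltSize = 16, HashSize = 32;
    const int Iterations = 600_000; // assumed PBKDF2 work factor; tune for your hardware

    // AES-256-GCM. Blob layout (assumed): nonce || tag || ciphertext, fresh random nonce per call.
    public static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        if (key.Length != 32) throw new ArgumentException("AES-256 requires a 32-byte key");
        byte[] blob = new byte[NonceSize + TagSize + plaintext.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceSize));
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(blob.AsSpan(0, NonceSize), plaintext,
                    blob.AsSpan(NonceSize + TagSize), blob.AsSpan(NonceSize, TagSize));
        return blob;
    }

    // Throws CryptographicException if the blob was modified or the key is wrong.
    public static byte[] Decrypt(byte[] key, byte[] blob)
    {
        if (blob.Length < NonceSize + TagSize) throw new CryptographicException("Blob too short");
        byte[] plaintext = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), plaintext);
        return plaintext;
    }

    // Salted, iterated hash (PBKDF2-HMAC-SHA256). Store the salt next to the hash.
    public static (byte[] Salt, byte[] Hash) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return (salt, Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize));
    }
    // Recomputes the hash with the stored salt and compares in constant time.
    public static bool VerifyPassword(string password, byte[] salt, byte[] expected) =>
        CryptographicOperations.FixedTimeEquals(
            Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize), expected);

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // demo only; load from a key store in practice
        byte[] blob = Encrypt(key, Encoding.UTF8.GetBytes("4111-1111-1111-1111")); // constructed sample
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, blob)));
        var (salt, hash) = HashPassword("constructed-sample-password");
        Console.WriteLine(VerifyPassword("constructed-sample-password", salt, hash));
    }
}
```

The encryption key is itself sensitive data under step 1, so it must be kept outside the data store it protects.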

Topics: developer guidance
