Data security on COLLECTORBASE.net


Questions such as "How easy is it to hack COLLECTORBASE.net?" or "Is my data secure in the collection database?" are understandable and justified, given the size of the COLLECTORBASE.net database.
Just recently, one of our collectors asked the following question:

“When I manage my collection on COLLECTORBASE.net, my whiskey and my STAR WARS collection have a lot of value. How do you make sure no one finds out my address and breaks into my house?”

In this post, I will explain everything about the safety of your data and the protection we have against data theft. I will keep it as understandable as possible, since I know that very few of you are IT professionals.

Surely you have seen a film in which someone breaks into a highly secured server room to load something onto, or copy data from, a storage medium: a USB stick, a hard disk, or, going further back, a floppy disk or a tape. But why would anyone do that when they can hack the site and get the data from their own living room?

The answer is that they cannot simply do so: responsible and careful programming closes off the common ways in. No site is impossible to hack, but the attacks that work against careless code fail against code that treats everything a visitor sends as untrusted.

SQL injections

One attack vector against websites is the so-called "SQL injection". It arises when text that a visitor types into a form field is pasted straight into the text of a database query without being checked, so that the database can no longer tell where the query ends and the visitor's input begins. An attacker who types characters that the database reads as commands can then read everything in the database and change it as they please.

To prevent this, the system architecture of COLLECTORBASE.net is multitiered: everything a user enters in a form field is checked before it reaches the database, and queries are sent as prepared statements, in which the query text and the user's input travel separately. The database therefore treats the input only as data, never as part of the command, and only the data we expect is processed.

This means, for example, that where a date belongs, we expect a date and not program code; only a valid date is processed. If you could input anything you wanted, program code could be smuggled in that would give access to our database. The system architecture does not allow that.
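To make the difference concrete, here is an added example that is not code from COLLECTORBASE.net: a vulnerable lookup that glues the visitor's input into the query, the same lookup as a prepared statement, and a date check of the kind described above. It uses Python with an in-memory SQLite table and constructed sample rows; the real site's language, schema and data are not known and are assumed here only for illustration.

```python
import sqlite3
from datetime import date


def make_db():
    # Constructed sample data: a tiny in-memory table standing in for the
    # collection database (not COLLECTORBASE.net's real schema or data).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE collectors (username TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO collectors VALUES (?, ?)",
        [("alice", "1 Whisky Lane"), ("bob", "2 Jedi Road")],
    )
    return db


def lookup_vulnerable(db, username):
    # VULNERABLE: the visitor's text becomes part of the query string, so the
    # database cannot tell input from command. Deliberately kept insecure.
    sql = (
        "SELECT username, address FROM collectors WHERE username = '"
        + username
        + "'"
    )
    return db.execute(sql).fetchall()


def lookup_prepared(db, username):
    # SAFE: the query text is fixed; the input is bound as a parameter and
    # can only ever be compared as data, never executed as SQL.
    sql = "SELECT username, address FROM collectors WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def parse_date(text):
    # Where a date belongs, accept only an ISO date (YYYY-MM-DD); anything
    # else is rejected before the database ever sees it.
    try:
        return date.fromisoformat(text)
    except ValueError:
        return None


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"          # classic injection string
    print(lookup_vulnerable(db, payload))   # leaks every collector's address
    print(lookup_prepared(db, payload))     # returns nothing: no such username
    print(parse_date("2018-01-15"), parse_date("2018-01-15'; DROP TABLE collectors; --"))
```

The injected string turns the vulnerable query into `... WHERE username = 'x' OR '1'='1'`, which is true for every row; the prepared statement compares the whole string against the username column and matches nothing.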

Our passwords are not stored in readable form. They are "hashed" and "salted": each password is combined with a random value (the salt) and run through a one-way hash function, and only the result is stored. A hash cannot be turned back into the password, so even someone who got hold of the database could not simply read the passwords out of it and use them to log in.

Whether your account password can be broken is largely in your own hands. The simpler your password is, the faster someone can crack it by brute force, that is, by trying one guess after another until one fits. Obviously, don't use "qwerty" or "1234567890"! With a strong password you are on the safe side, because every extra character, and every additional kind of character (letters, digits, symbols), multiplies the number of guesses an attacker has to make.

But even if, for the sake of argument, this succeeds and a single account is broken into, COLLECTORBASE.net itself is not hacked. Whoever breaks into one account gets access to that one account only.

Nor does one cracked password tell the attacker anything about other passwords. This is what the salt is for (a cryptographic measure against exactly this kind of attack). But we are getting technical. Simply put: because every password gets its own random salt, two collectors who chose the same password end up with different stored hashes, and the hash of one password allows no conclusions about the hash of another. Precomputed lists of hashes for common passwords do not help the attacker either, because they would have to be recomputed for every salt separately.
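As an added illustration of the hashing and salting described in the two passages above (not COLLECTORBASE.net's own code; which hash function and parameters the site uses is not stated, so PBKDF2-HMAC-SHA256 from Python's standard library is assumed here), the following stores a password as salt plus hash, verifies a login attempt, shows that the same password produces unrelated records, and runs a small guess list against a record the way an offline brute-force attack would.

```python
import hashlib
import hmac
import os

# Work factor: number of PBKDF2 rounds. Assumed value for illustration; a
# production system tunes this as high as its login latency budget allows.
ITERATIONS = 100_000


def hash_password(password, salt=None):
    # A fresh 16-byte random salt per password. The salt is stored next to
    # the hash in the clear: it does not have to be secret, only unique.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    # Recompute the hash with the stored salt and compare in constant time,
    # so response timing does not leak how many bytes matched.
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def same_password_different_hashes(password):
    # Two collectors who chose the same password get unrelated records,
    # so a cracked hash says nothing about the other one.
    return hash_password(password) != hash_password(password)


def brute_force(stored, guesses):
    # Offline attack against one stolen record: try each guess in turn.
    # Because of the salt this work must be repeated for every record; a
    # weak password is still found quickly because the guess list is short.
    for guess in guesses:
        if verify_password(guess, stored):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample passwords, not real account data.
    weak = hash_password("qwerty")
    strong = hash_password("correct horse battery staple")
    common_guesses = ["123456", "password", "qwerty"]
    print(brute_force(weak, common_guesses))     # found immediately
    print(brute_force(strong, common_guesses))   # not in the list: None
    print(same_password_different_hashes("hunter2"))  # True
```

The guess list stands in for the dictionaries real cracking tools use; the point is that the hash scheme slows each guess down and the salt forces the attacker to start over for every account, but neither helps a password that appears near the top of such a list.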

So, your data is safe with us.

But there is another problem, and it is much more urgent!

Meltdown

Thanks to Spectre and Meltdown, it has been shown that the entire Internet, from low-cost hosting providers to global players like Amazon AWS, has been running for years on processors with security holes in them. The same applies to banks, credit card companies and the tax office, and to every PC you have at home.

Spectre

According to security experts, these serious, recently disclosed security holes in the CPU architecture of nearly every major chip manufacturer may only be the tip of the iceberg. We do not know what other gaps there are in the processors. Like the rest of the world, we can only hope that updates eventually close all of them. What you can rely on: we and our providers have installed all security updates and will keep doing so.

