Databases, Government and Security



October 02, 2008

I had to write a short note about a concern that was passed along to me about public-facing websites having databases on them. The opinion passed along to me was that it was insecure to have a database-driven dynamic website for a public government department because the database made the whole system less secure.

I just needed to state clearly that it is the scripting languages that interact with the browser that are the main point of concern, and these are well used in most GoC sites. Yes, if the .asp or .php scripts that are driving a page were badly written or just not monitored for security issues, adding a database just adds to the possible exploits. However, the problem isn't the database; it's insecure code, and there is a difference. All the hacks I've seen have actually expressed through the file system, not the database.

Most government websites are populated with public data. Yes, someone could hack into the site and change something, but this is true of all sites if they aren't properly secured and maintained. Furthermore, proper monitoring & backup strategies can be put in place to ensure that a site can be restored quickly. Webservers should of course sit outside an organization's firewall and be dealt with through secure protocols like SSH.

Certainly, if private, confidential data is on a server it needs to be very carefully managed. However, there are ways to deal with this that are well understood. Encrypting private data is certainly one way; passing it along to a 3rd party is another. However, eCommerce would never have taken off if database-driven websites couldn't be very securely written.

There are plenty of database-backed websites within the Government of Canada. To pick two topical examples, Elections Canada and Parliament are sites that need databases and where security is critical. Who could think about going through something like Hansard without a database to search/organize it?

Dynamic looking pages with a probability of an installed database (about 7 million pages):

Low probability of dynamic content or a database back-end (about 5 million pages):

I can't tell you how to audit 7 million pages of code. I can't tell you how many innocent-looking .html pages are actually database driven (like this one). But I can tell you that there are far more secure and cost-effective ways to maintain 12 million web pages than what the government is doing now. Using open source tools like Drupal can provide significant cost reductions and big security enhancements as well.

About The Author

Mike Gifford is the founder of OpenConcept Consulting Inc, which he started in 1999. Since then, he has been particularly active in developing and extending open source content management systems to allow people to get closer to their content. Before starting OpenConcept, Mike had worked for a number of national NGOs including Oxfam Canada and Friends of the Earth.