“We will now be conducting our lockdown drill.”
I was with my 2-year-old son at the local Early Years drop-in when the principal came over the intercom of the school informing us that this drill was about to begin. It was a little strange for me, and my son kept asking why we were locking the doors and turning off the lights. I didn’t really know how to explain it to him, so I just told him we were practicing quiet time.
In spite of the obvious discomfort of even having to do a “lockdown drill,” my mind wandered a bit to the security of Crate. How easy would it be for someone to steal users’ information? What kind of data could they get? Does it matter if someone “sniffs” data being transferred?
As my 4-year-old daughter would put it: I thought about it in my brain, my brain said we should probably secure our application and its data with SSL, and I agreed with my brain that it was the right decision. Later that day I came home and started working toward securing our application’s data.
This past weekend, we reconfigured our web servers and our application to run strictly over SSL for all connections. This means that any data being passed from your browser to our servers will be encrypted with 256-bit SSL, which will defend us against anyone stealing data, sensitive or not.
The type of data that is generally moving over the internet between our users and our application is not sensitive; it’s a command to share a story to Twitter, or add some blog post to their Buffer queue. We use Twitter’s OAuth login service and have always used secured URLs to connect to our databases and APIs to ensure that no data is ever in jeopardy.
In reality, there was no specific threat or pending doom that made us decide to run on SSL; it simply came down to a simple rule that I read a long time ago regarding web-based applications:
“If you ask someone to provide you with any info, make sure it’s passed over SSL.”
In this age of internet security, hackery, and identity theft, we want to take nothing for granted. We have taken every precaution to ensure that your data stays safe so that you can go about your business of sharing great social content.