As I was reading through the two scenarios described in the Tutorial, I had a strong feeling that one important threat model was not covered: Myself as a developer! The threat model goes like this:
I build a website that contains a contact form where submitters can leave their contact information
I store the submitted contact form data in my database
At some point in the future, I do a mysqldump and forget about the resulting *.sql file in a public folder on the server
I also don't have a .htaccess directive to prevent direct access to *.sql files
This is the scenario I find the most likely for many simpler websites. Data theft. Maybe you find this a useful addition to the scenarios? It's not so much about implementation but more about realizing a threat even exists.
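An audit for the scenario in this post, added here as an example and not part of the original post: it walks a document root, finds dump files, and reports those with no `.htaccess` deny rule between their folder and the root. It assumes Apache with `.htaccess` overrides enabled; the function names, the extension list and the regex heuristic are assumptions of this example.

```python
import os, re, tempfile

# Extensions treated as database dumps (assumption; extend for your stack).
DUMP_RE = re.compile(r"\.(sql|dump)(\.(gz|bz2|zip))?$", re.IGNORECASE)
# Heuristic only: a <Files>/<FilesMatch> section whose pattern mentions "sql"
# and whose body denies access. It does not evaluate the pattern itself.
BLOCK_RE = re.compile(
    r"<Files(?:Match)?\s+[^>]*sql[^>]*>(.*?)</Files(?:Match)?>",
    re.IGNORECASE | re.DOTALL)
DENY_RE = re.compile(r"Require\s+all\s+denied|Deny\s+from\s+all", re.IGNORECASE)

def htaccess_blocks_sql(directory, docroot):
    """Walk from directory up to docroot looking for a deny rule covering .sql."""
    directory, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        path = os.path.join(directory, ".htaccess")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if any(DENY_RE.search(m.group(1)) for m in BLOCK_RE.finditer(text)):
                return True
        if directory == docroot or os.path.dirname(directory) == directory:
            return False
        directory = os.path.dirname(directory)

def find_exposed_dumps(docroot):
    """Return sorted relative paths of dump files with no covering deny rule."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        dumps = [f for f in files if DUMP_RE.search(f)]
        if dumps and not htaccess_blocks_sql(dirpath, docroot):
            exposed += [os.path.relpath(os.path.join(dirpath, f), docroot)
                        for f in dumps]
    return sorted(exposed)

def build_sample_docroot(root):
    """Constructed sample tree: one unprotected dump, one protected by .htaccess."""
    os.makedirs(os.path.join(root, "backup"))
    os.makedirs(os.path.join(root, "safe"))
    for rel in ("index.php", "backup/contacts.sql", "safe/contacts.sql.gz"):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, "safe", ".htaccess"), "w") as fh:
        fh.write('<FilesMatch "\\.sql(\\.gz)?$">\n'
                 '    Require all denied\n</FilesMatch>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        print(find_exposed_dumps(tmp))
```

A clean result only means no dump files were found without a matching rule; keeping dumps outside the document root removes the dependence on `.htaccess` being honoured.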