162 Chapter 8 Security in SimpleDB-Based Applications
Although XSS should be a security concern for any site, it is most specifically a danger to those sites driven by a database. XSS attack vectors depend on pages that store data gathered from users and then display that data without the proper sanitization. If you store user-entered data in SimpleDB and then display that data to other users in a web page, your application could be just as vulnerable as any site that runs off database content.
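The stored-then-displayed pattern described above, as an added example that is not from the book. It models items returned from SimpleDB as plain dictionaries (item name mapped to multi-valued string attributes) and makes no AWS call; the item names, attribute names, sample values and function names are all constructed for illustration.

```python
import html

# Constructed sample: items as they might come back from a SimpleDB query,
# modelled as item name -> {attribute name: [string values]}.
# The second item holds user input that carries markup.
STORED_ITEMS = {
    "comment-001": {"author": ["alice"], "body": ["Great post!"]},
    "comment-002": {
        "author": ['mallory" onmouseover="x'],
        "body": ["<script>document.title='injected'</script>"],
    },
}


def render_unsafe(items):
    """The flaw: stored values are concatenated into markup unchanged."""
    rows = []
    for name, attrs in items.items():
        author = attrs.get("author", ["anonymous"])[0]
        for body in attrs.get("body", []):
            rows.append(f'<li id="{name}" title="{author}">{body}</li>')
    return "<ul>" + "".join(rows) + "</ul>"


def render_safe(items):
    """Encode every stored value at output time, including item names.

    quote=True also encodes " and ', so a value cannot close the quoted
    attribute it is placed in and start a new one.
    """
    rows = []
    for name, attrs in items.items():
        author = attrs.get("author", ["anonymous"])[0]
        for body in attrs.get("body", []):
            rows.append(
                '<li id="{}" title="{}">{}</li>'.format(
                    html.escape(name, quote=True),
                    html.escape(author, quote=True),
                    html.escape(body, quote=True),
                )
            )
    return "<ul>" + "".join(rows) + "</ul>"


if __name__ == "__main__":
    print(render_unsafe(STORED_ITEMS))
    print(render_safe(STORED_ITEMS))
```

Encoding happens when the page is rendered rather than when the item is written, so values already stored before the fix are covered as well.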
Data sent over the open Internet can be intercepted or observed. You do not have control over the systems between the endpoints, and one of those systems could be listening in.
At an application level, you need to decide what portion of the data should be encrypted over the wire and between which endpoints. If you want to use standard SSL encryption between the client and the server running your SimpleDB-based application, it may be a wise choice. However, that choice has nothing to do with SimpleDB.
Amazon takes security seriously, and EC2 instances are well locked down by default. You cannot even SSH into your own instance without first specifically opening port 22. Moreover, network security is also very tight. Under no circumstances are network packets addressed to one instance delivered to a different instance. This is even true of multiple instances running on the same physical hardware with network adapters configured for promiscuous mode.
The result is that the EC2 to SimpleDB pipe is already well protected. Packets cannot be intercepted, so you are never subject to packet replay or man-in-the-middle attacks. The only additional protection you get from SSL is from Amazon employees listening in. However, this also is of no benefit since those few employees with physical access to the network also have physical access to the server before it encrypts the data and the SimpleDB replicas storing the unencrypted data. Therefore, it still provides a sum total of zero additional protection.
The additional SSL latency is actually worse from outside the Amazon cloud. This is true because the inherently higher round-trip latencies are multiplied by the upfront SSL