Back End (Server Side)


Last updated 2 years ago


Users don't usually see what goes on at the back end, but it makes everything work. The inner workings of an application, which might include business logic, updates, and changes, are all the job of the back-end services.

The back end stores the data you collect from your users through the front end, such as phone numbers, email addresses, and logs of IP addresses or credit card numbers. SQL or NoSQL databases store, retrieve, and back up your data.

API calls connect the different layers and clusters so that your back end can process requests and communicate with other layers. Load balancers, which can be used to optimize the user experience, and connection layers, which form secure connections with the internet, are also part of the back-end infrastructure.

A cloud-native tech stack will include multiple servers, containers running different applications, caches, web proxies, and databases.

The sample back-end code below creates a user record in our MySQL database.

from flask import Flask
from passlib.hash import sha256_crypt
import mysql.connector as mariadb

app = Flask(__name__)
# Placeholder credentials: in a real deployment, load them from the environment or a secrets manager.
db_connection = mariadb.connect(user='chooseAUserName', password='chooseAPassword', database='Login')

@app.route('/')
def index():
  username = "newUserName"
  # Store a salted hash, never the plain-text password.
  password = sha256_crypt.hash("newPassword")
  email = "what@ever.com"
  cur = db_connection.cursor()
  # Parameterized query: values are passed separately from the SQL text.
  cur.execute('INSERT INTO Login (username, password, email) VALUES (%s, %s, %s)', (username, password, email))
  db_connection.commit()
  cur.close()
  return "New user added"

if __name__ == '__main__':
  # Keep debug off when listening on all interfaces: the debugger allows code execution.
  app.run(debug=False, host='0.0.0.0', port=5000)

Best Practices

Communication between your web application's front end and back end is what drives your web application. This communication often goes over the internet unencrypted, as the software in use is often built without encryption in mind. Data should always be encrypted in transit between servers, as well as in storage, both at the API and database level.

So let's say you are using AWS S3 buckets to store files. You might develop a custom AWS Config rule to check that all objects stored in your S3 buckets are encrypted.
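
The per-object check that the Lambda behind such a custom rule could run, as an added example (not code from the original page): it lists a bucket and flags objects whose metadata reports no server-side encryption. `FakeS3`, `SAMPLE` and the function names are constructed for this example so it runs offline; against a real account you would pass `boto3.client("s3")`, and reporting the result back to AWS Config is left out.

```python
# Added example: object-level encryption audit using list_objects_v2 and head_object.
ACCEPTED_SSE = {"AES256", "aws:kms", "aws:kms:dsse"}

def unencrypted_objects(s3, bucket):
    """Return the keys in `bucket` that report no server-side encryption."""
    findings = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):  # "Contents" is absent for an empty bucket
            head = s3.head_object(Bucket=bucket, Key=obj["Key"])
            # SSE-C objects need the customer key on HEAD and are out of scope here.
            if head.get("ServerSideEncryption") not in ACCEPTED_SSE:
                findings.append(obj["Key"])
    return findings

def evaluate_bucket(s3, bucket):
    """Map the findings to the compliance values AWS Config uses."""
    bad = unencrypted_objects(s3, bucket)
    if bad:
        return {"ComplianceType": "NON_COMPLIANT",
                "Annotation": f"{len(bad)} unencrypted object(s), e.g. {bad[0]}"}
    return {"ComplianceType": "COMPLIANT", "Annotation": "all objects encrypted"}

class FakeS3:
    """Constructed stand-in for boto3.client('s3'): maps key -> head_object response."""
    def __init__(self, objects):
        self.objects = objects

    def get_paginator(self, name):
        return self

    def paginate(self, Bucket):
        keys = sorted(self.objects)
        if not keys:
            yield {}
        for i in range(0, len(keys), 2):  # two keys per page to exercise pagination
            yield {"Contents": [{"Key": k} for k in keys[i:i + 2]]}

    def head_object(self, Bucket, Key):
        return self.objects[Key]

SAMPLE = FakeS3({  # constructed sample data
    "exports/users.csv": {"ContentLength": 120},
    "logs/app.log": {"ServerSideEncryption": "AES256"},
    "backups/db.sql.gz": {"ServerSideEncryption": "aws:kms"},
})
```
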

There should always be a secure backup plan. You should make sure data is backed up regularly and mirrored on several servers, in different physical locations or regions if possible.

Access to personal data should be limited to a few legitimate users. Precise permissions can be set at the API level, as well as for different users.

Test the session timeout system, and make sure the token is invalidated after the user logs out. API access should be limited to prevent automated attacks.

With multiple back ends, services, and distributed servers, a centralized logging system to which all services can write their log files is a good practice, considering the complex back-end services of modern apps.

If you are using third-party code in your back-end, make sure you are using the latest updated versions of everything.
