Simple workaround prevents Highcharts data leaks
Our client formed vteam #376 to make improvements to their Learning Management System (LMS), and to do so we had to reverse engineer it. The application was already built on Zend Framework 2, MySQL, AJAX, jQuery, Web Services, AWS (S3, Glacier) and MemCache, with a multiple-database approach. The graphing in the LMS was rather poor, though, and after a conversation with the client we decided to change to Highcharts. We also enabled the export of graphs in multiple formats: JPG/PNG, PDF and Word.
Upon inspection, the client was disturbed to notice that graph exports only took place after Highcharts sent the data to a third party at https://export.highcharts.com. This exposed their data to other websites or services.
Wanting to keep the functionality while nixing the data transfer, our developers proposed a simple, secure solution:
- Set up a server for the client to act as the graph library that also exports graphs.
- Create a new sub-domain, https://graph.*******.com, and install a few open-source libraries and software.
This allows Highcharts to work as programmed, but it sends the data to a secure location, instead of someone else’s server.
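On the client side, the redirect described above comes down to the `exporting.url` option of the Highcharts exporting module. The JavaScript below is an added example, not the vteam's or the client's code: it audits a chart configuration for export traffic that would leave an approved host list and pins it to a self-hosted server. `graph.example.internal` is a placeholder for the masked sub-domain, and the function names are hypothetical.

```javascript
// Host the article names as the third-party export endpoint; assumed here to
// be what a chart uses when exporting.url is not set.
const DEFAULT_EXPORT_URL = 'https://export.highcharts.com/';
// Placeholder: the real sub-domain is masked on the page.
const SELF_HOSTED_EXPORT_URL = 'https://graph.example.internal/';

// Resolve the URL chart data is POSTed to: per-chart option first, then the
// global defaults (as passed to Highcharts.setOptions), then the default.
function effectiveExportUrl(chartOptions, globalOptions = {}) {
  const perChart = (chartOptions.exporting || {}).url;
  const global = (globalOptions.exporting || {}).url;
  return perChart || global || DEFAULT_EXPORT_URL;
}

// Report whether export traffic stays on HTTPS and on an approved host.
function auditExport(chartOptions, allowedHosts, globalOptions = {}) {
  const raw = effectiveExportUrl(chartOptions, globalOptions);
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { ok: false, host: null, reason: 'export URL is not absolute or is malformed' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, host: url.hostname, reason: 'export URL is not HTTPS' };
  }
  if (!allowedHosts.includes(url.hostname)) {
    return { ok: false, host: url.hostname, reason: 'chart data leaves the approved hosts' };
  }
  return { ok: true, host: url.hostname, reason: 'export stays on an approved host' };
}

// Return a copy of the options with exports pinned to the self-hosted server.
function pinExportServer(chartOptions, exportUrl = SELF_HOSTED_EXPORT_URL) {
  return { ...chartOptions, exporting: { ...(chartOptions.exporting || {}), url: exportUrl } };
}

// Constructed sample chart config (not from the article).
const sampleChart = {
  title: { text: 'Course completion' },
  series: [{ name: 'Completed', data: [12, 19, 7] }],
};
const approved = ['graph.example.internal'];
console.log(auditExport(sampleChart, approved));
console.log(auditExport(pinExportServer(sampleChart), approved));
```

Running the audit over every chart definition in a build or review step catches a chart that was added later without the pinned URL.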
Here are some examples of the new graphs: