WebApp Sec mailing list archives
RE: secure storage of sensitive data in J2EE
From: "Michael Howard" <mikehow () microsoft com>
Date: Wed, 9 Feb 2005 21:06:33 -0800
It certainly can't help the data on the network - I know of no programming language that can!! The real threat being mitigated here is a local attack trying to grovel through an app or pagefile for secret data. You can encrypt the data by user, by process or by machine. It's all supported through Crypt[Un]ProtectMemory [Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp [Protect Your PC] http://www.microsoft.com/protect [Blog] http://blogs.msdn.com/michael_howard [On-line Security Training] http://mste/training/offerings.asp?TrainingID=53074 -----Original Message----- From: Michael Silk [mailto:michaelsilk () gmail com] Sent: Wednesday, February 09, 2005 7:12 PM To: webappsec () securityfocus com; Michael Howard Subject: RE: secure storage of sensitive data in J2EE Michael, What is some example implementations of the usage of SecureString? To store a CC coming from a submission? Surely it could be tracked as it's coming in (browser -> server -> [ here ! ] -> your code), in that case. To store a password? Where does the password initially come from? and where does it get used? do other API's take a SecureString and _never_ realise it into a common string form? It seems the weak link in the chain would break this one, ... or am I missing something :) ? Further, on what basis is it encrypted? Under the user that is running the code? As such, wouldn't any other (malicious) .net code be running under the same privileges and hence be able to decrypt it? -- Michael Silk
-----Original Message----- From: Michael Howard [mailto:mikehow () microsoft com] Sent: Thursday, 10 February 2005 10:15 AM To: Benjamin Livshits; chaim moshe; webappsec () securityfocus com Subject: RE: secure storage of sensitive data in J2EE I know this is not J2EE, but in .NET Framework, we added a SecureString class that: 1) is automatically encrypted in memory (to mitigate the paged-out-data threat) 2) is cleared when the string is no longer used 3) is GC'd rapidly
Current thread:
- Re: secure storage of sensitive data in J2EE, (continued)
- Re: secure storage of sensitive data in J2EE Alexander Klimov (Feb 10)
- RE: secure storage of sensitive data in J2EE Benjamin Livshits (Feb 09)
- RE: secure storage of sensitive data in J2EE Scovetta, Michael V (Feb 02)
- RE: secure storage of sensitive data in J2EE Erez Metula (Feb 02)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 10)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 11)
- Re: secure storage of sensitive data in J2EE exon (Feb 14)