WebApp Sec mailing list archives
Re: secure storage of sensitive data in J2EE
From: Michael Silk <michaelsilk () gmail com>
Date: Thu, 10 Feb 2005 16:36:22 +1100
Objects no (they are gc'd), chars (hence primatives) maybe. This is why (apparently) JPasswordField returns/requires a char[] (or byte[], can't remember) array instead of a string. If you stored your password as: char[] pword = new char[] {'r', '0', '0', 't'}; You can then replace those with nulls, and they will be gone (I believe). Also, you can always use the JNI to potentially erase it (maybe - I don't know). But, as always, the problem comes when it's going in and coming out. i.e: when you need to actually _use_ it is a string. (i.e. in sql connection string) -- Michael On Thu, 10 Feb 2005 01:30:36 -0400, Olaf Reitmaier <olafrv () gmail com> wrote:
I was looking in java forums there is not a really secure and synchronus way erase object from memory, it still remains uncertain. On Thu, 10 Feb 2005 01:10:58 -0400, Olaf Reitmaier <olafrv () gmail com> wrote:I think reading the #1 link below that gc() would collect the insecure string you want to collect, like in "How gc works(...) The documentation states that this call sets a flag suggesting that a GC might be run if the JVM is so inclined. What the System.gc() call actually does is this: if a GC cycle is running at the the time of a call, then ignore the call; otherwise, initiate a full GC cycle. This means that every time (or 99.9 percent of the time) you call System.gc(), you initiate a full GC cycle." 1. Gems from e-BIT: Living with the Garbage Collector (Understanding) http://www-106.ibm.com/developerworks/ibm/library/j-jtctips/j-jtc0117b.html 2. Forcing garbage collection (An opinion as not works fine!!!) http://www.artima.com/legacy/answers/May2000/messages/217.html 3. Forcing Finalization and Garbage Collection (Java perspective) http://www.science.uva.nl/ict/ossdocs/java/tutorial/java/system/garbage.html 4. Cleaning Up Unused Objects (Java perspective) http://www.science.uva.nl/ict/ossdocs/java/tutorial/java/javaOO/garbagecollection.html On Thu, 10 Feb 2005 14:12:02 +1100, Michael Silk <michaelsilk () gmail com> wrote:Michael, What is some example implementations of the usage of SecureString? To store a CC coming from a submission? Surely it could be tracked as it's coming in (browser -> server -> [ here ! ] -> your code), in that case. To store a password? Where does the password initially come from? and where does it get used? do other API's take a SecureString and _never_ realise it into a common string form? It seems the weak link in the chain would break this one, ... or am I missing something :) ? Further, on what basis is it encrypted? Under the user that is running the code? As such, wouldn't any other (malicious) .net code be running under the same privileges and hence be able to decrypt it? -- Michael Silk-----Original Message----- From: Michael Howard [mailto:mikehow () microsoft com] Sent: Thursday, 10 February 2005 10:15 AM To: Benjamin Livshits; chaim moshe; webappsec () securityfocus com Subject: RE: secure storage of sensitive data in J2EE I know this is not J2EE, but in .NET Framework, we added a SecureString class that: 1) is automatically encrypted in memory (to mitigate the paged-out-data threat) 2) is cleared when the string is no longer used 3) is GC'd rapidly-- ----------------------------------------------------------------------- Olaf Reitmaier Veracierta <olafrv () gmail com> Estudiante de Ing. Computación Universidad Simón Bolívar Linux User #: 264681 ------------------------------------------------------------------------- ----------------------------------------------------------------------- Olaf Reitmaier Veracierta <olafrv () gmail com> Estudiante de Ing. Computación Universidad Simón Bolívar Linux User #: 264681 -----------------------------------------------------------------------
Current thread:
- Re: secure storage of sensitive data in J2EE, (continued)
- Re: secure storage of sensitive data in J2EE Nick Seward (Feb 09)
- Re: secure storage of sensitive data in J2EE Alexander Klimov (Feb 10)
- RE: secure storage of sensitive data in J2EE Benjamin Livshits (Feb 09)
- RE: secure storage of sensitive data in J2EE Scovetta, Michael V (Feb 02)
- RE: secure storage of sensitive data in J2EE Erez Metula (Feb 02)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 10)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 11)
- Re: secure storage of sensitive data in J2EE exon (Feb 14)