WebApp Sec mailing list archives

RE: secure storage of sensitive data in J2EE

From: "Michael Howard" <mikehow () microsoft com>
Date: Wed, 9 Feb 2005 21:06:33 -0800

It certainly can't help the data on the network - I know of no
programming language that can!!

The real threat being mitigated here is a local attack trying to grovel
through an app or pagefile for secret data.

You can encrypt the data by user, by process or by machine. It's all
supported through Crypt[Un]ProtectMemory

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard

[On-line Security Training]
http://mste/training/offerings.asp?TrainingID=53074

-----Original Message-----
From: Michael Silk [mailto:michaelsilk () gmail com] 
Sent: Wednesday, February 09, 2005 7:12 PM
To: webappsec () securityfocus com; Michael Howard
Subject: RE: secure storage of sensitive data in J2EE

Michael,

What is some example implementations of the usage of SecureString?

To store a CC coming from a submission? Surely it could be tracked as
it's coming in (browser -> server -> [ here ! ] -> your code), in that
case.

To store a password? Where does the password initially come from? and
where does it get used? do other API's take a SecureString and _never_
realise it into a common string form?

It seems the weak link in the chain would break this one, ... or am I
missing something :) ?

Further, on what basis is it encrypted? Under the user that is running
the code? As such, wouldn't any other (malicious) .net code be running
under the same privileges and hence be able to decrypt it?

-- Michael Silk

-----Original Message-----
From: Michael Howard [mailto:mikehow () microsoft com] 
Sent: Thursday, 10 February 2005 10:15 AM
To: Benjamin Livshits; chaim moshe; webappsec () securityfocus com
Subject: RE: secure storage of sensitive data in J2EE

I know this is not J2EE, but in .NET Framework, we added a 
SecureString class that:

1) is automatically encrypted in memory (to mitigate the 
paged-out-data
threat)
2) is cleared when the string is no longer used
3) is GC'd rapidly

Current thread:

Re: secure storage of sensitive data in J2EE, (continued)
- - - Re: secure storage of sensitive data in J2EE Alexander Klimov (Feb 10)
- RE: secure storage of sensitive data in J2EE Benjamin Livshits (Feb 09)
- RE: secure storage of sensitive data in J2EE Scovetta, Michael V (Feb 02)
- RE: secure storage of sensitive data in J2EE Erez Metula (Feb 02)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
  - Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
    - Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
    - Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
  - Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
    - Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 10)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 11)
  - Re: secure storage of sensitive data in J2EE exon (Feb 14)