WebApp Sec mailing list archives
RE: secure storage of sensitive data in J2EE
From: Michael Silk <michaelsilk () gmail com>
Date: Fri, 11 Feb 2005 12:56:25 +1100
Comments inline.
-----Original Message----- From: exon [mailto:exon () home se] Sent: Friday, 11 February 2005 9:33 AM To: webappsec () securityfocus com Subject: Re: secure storage of sensitive data in J2EE Michael Silk wrote:Exon said:Because it's supposed to be encrypted when it arrives over the network.And how can that happen in such a way that an applicationlistening tothe incoming information can't get at it first?It can't, but protecting pieces of memory from prying eyes was what this discussion was about.
Yes, and the sub-discussion with Michael Howard was about the usefulness of SecureString (this is the discussion where you responded to me). -- Michael
Current thread:
- RE: secure storage of sensitive data in J2EE, (continued)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 10)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 11)
- Re: secure storage of sensitive data in J2EE exon (Feb 14)