WebApp Sec mailing list archives

RE: secure storage of sensitive data in J2EE


From: Michael Silk <michaelsilk () gmail com>
Date: Fri, 11 Feb 2005 12:56:25 +1100

Comments inline.

-----Original Message-----
From: exon [mailto:exon () home se] 
Sent: Friday, 11 February 2005 9:33 AM
To: webappsec () securityfocus com
Subject: Re: secure storage of sensitive data in J2EE

Michael Silk wrote:
Exon said:

Because it's supposed to be encrypted when it arrives over the network.


And how can that happen in such a way that an application listening to
the incoming information can't get at it first?


It can't, but protecting pieces of memory from prying eyes was what this
discussion was about.

Yes, and the sub-discussion with Michael Howard was about the
usefulness of SecureString (this is the discussion where you responded
to me).

-- Michael

