#951 – Security Issues when Storing Confidential Data in Strings

November 15, 2013 1 Comment

Applications often have periods of time during which they need to work with confidential string data, e.g. credit card numbers or passwords.  Whenever you store this confidential string data within memory, the data is vulnerable to being read by any other process on your machine that can read your application’s memory.

Since memory can be swapped out to disk, confidential data stored in memory can also end up being stored on disk, making the data vulnerable for a longer period of time.

No matter what language your application is written in, these vulnerabilities exist whenever you store confidential data within memory as a plaintext (non-encrypted) string.

When writing code that deals with confidential data, you’ll eventually need to work with that data in memory.  To maximize security, you want to reduce the amount of time during which the plaintext version of data is stored in memory.

Filed under Security Tagged with , ,

About Sean
Software developer in the Twin Cities area, passionate about software development and sailing.

One Response to #951 – Security Issues when Storing Confidential Data in Strings

  1. Pingback: Dew Drop – November 15, 2013 (#1668) | Morning Dew

Leave a comment