Objects no (they are gc'd), chars (hence primatives) maybe.
This is why (apparently) JPasswordField returns/requires a char[] (or
byte[], can't remember) array instead of a string.
If you stored your password as:
char[] pword = new char[] {'r', '0', '0', 't'};
You can then replace those with nulls, and they will be gone (I believe).
Also, you can always use the JNI to potentially erase it (maybe - I
don't know). But, as always, the problem comes when it's going in and
coming out. i.e: when you need to actually _use_ it is a string. (i.e.
in sql connection string)
-- Michael
On Thu, 10 Feb 2005 01:30:36 -0400, Olaf Reitmaier <olafrv@gmail.com> wrote:
I was looking in java forums there is not a really secure and
synchronus way erase object from memory, it still remains uncertain.
On Thu, 10 Feb 2005 01:10:58 -0400, Olaf Reitmaier <olafrv@gmail.com> wrote:
I think reading the #1 link below that gc() would collect the insecure
string you want to collect, like in "How gc works(...) The
documentation states that this call sets a flag suggesting that a GC
might be run if the JVM is so inclined. What the System.gc() call
actually does is this: if a GC cycle is running at the the time of a
call, then ignore the call; otherwise, initiate a full GC cycle. This
means that every time (or 99.9 percent of the time) you call
System.gc(), you initiate a full GC cycle."
1. Gems from e-BIT: Living with the Garbage Collector (Understanding)
http://www-106.ibm.com/developerworks/ibm/library/j-jtctips/j-jtc0117b.html
2. Forcing garbage collection (An opinion as not works fine!!!)
http://www.artima.com/legacy/answers/May2000/messages/217.html
3. Forcing Finalization and Garbage Collection (Java perspective)
http://www.science.uva.nl/ict/ossdocs/java/tutorial/java/system/garbage.html
4. Cleaning Up Unused Objects (Java perspective)
http://www.science.uva.nl/ict/ossdocs/java/tutorial/java/javaOO/garbagecollection.html
On Thu, 10 Feb 2005 14:12:02 +1100, Michael Silk <michaelsilk@gmail.com>
wrote:
Michael,
What is some example implementations of the usage of SecureString?
To store a CC coming from a submission? Surely it could be tracked as
it's coming in (browser -> server -> [ here ! ] -> your code), in that
case.
To store a password? Where does the password initially come from? and
where does it get used? do other API's take a SecureString and _never_
realise it into a common string form?
It seems the weak link in the chain would break this one, ... or am I
missing something :) ?
Further, on what basis is it encrypted? Under the user that is running
the code? As such, wouldn't any other (malicious) .net code be running
under the same privileges and hence be able to decrypt it?
-- Michael Silk
-----Original Message-----
From: Michael Howard [mailto:mikehow@microsoft.com]
Sent: Thursday, 10 February 2005 10:15 AM
To: Benjamin Livshits; chaim moshe; webappsec@securityfocus.com
Subject: RE: secure storage of sensitive data in J2EE
I know this is not J2EE, but in .NET Framework, we added a
SecureString class that:
1) is automatically encrypted in memory (to mitigate the
paged-out-data
threat)
2) is cleared when the string is no longer used
3) is GC'd rapidly
--
-----------------------------------------------------------------------
Olaf Reitmaier Veracierta <olafrv@gmail.com>
Estudiante de Ing. Computación
Universidad Simón Bolívar
Linux User #: 264681
-----------------------------------------------------------------------
--
-----------------------------------------------------------------------
Olaf Reitmaier Veracierta <olafrv@gmail.com>
Estudiante de Ing. Computación
Universidad Simón Bolívar
Linux User #: 264681
-----------------------------------------------------------------------
