WebApp Sec: RE: secure storage of sensitive data in J2EE

["Erez Metula" <erez () avnet co il>]

I agree with that, but there is a slight difference between looking at
something (which usually leaves no traces) and actually running some code
which is more drastic and is involved with messing with the logs.

Using DPAPI, at least the password is encrypted with the user's credentials
(the user who is running the code) so looking at the code itself won't
reveal you nothing. The attacker have to switch to the relevant user, and
then run the code. 

If you store the password unencrypted, even if it's protected with the
proper ACL or such, then someone who has access to your system (legitimate
user or not) can view it without you know nothing about it.


 
 
Erez Metula
Application Security Consultant
Avnet Data Security
Mobile: 972-54-8179538    Office: 972-3-9560074  (extention 229)
 
-----Original Message-----
From: Alexander Klimov [mailto:alserkli () inbox ru] 
Sent: Monday, January 31, 2005 11:01 AM
To: ארז מטולה
Cc: secprog () securityfocus com; webappsec () securityfocus com
Subject: RE: secure storage of sensitive data in J2EE

On Mon, 31 Jan 2005, Erez Metula wrote:
> I think that the issue here is sensitive information stored on the
> server side like connection strings, encryption keys and such. You
> can't ask the user to enter a password for this kind of information.
> Storing this information in a file in cleartext, won't protect this
> information from someone who has access to the server, for example a
> legitimate (malicious) admin user or a hacker who had managed to
> break into the system.
It is not worth worring about malicious admins: he can add a keylogger
to get the password, he can change the app to send him secret keys,
etc. You have to trust[*] your admin at least on systems where admin
can do everything (Note that in many cases even if it seems that admin
can't do everything (as, e.g., on windows) in fact he can)

[*] "In the US Department of Defense, a `trusted system or component'
is defined as `one which can break the security policy'"

--
Regards,
ASK
This Mail Was Scanned By Avnet Security Systems

 
****************************************************************************
********
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
****************************************************************************
********


This Mail Was Scanned By Avnet Secure System


************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************