WebApp Sec mailing list archives

Re: secure storage of sensitive data in J2EE
From: Valdis.Kletnieks () vt edu
Date: Mon, 07 Feb 2005 21:13:50 -0500

On Tue, 08 Feb 2005 00:36:41 GMT, Antoine Martin said:
> On Mon, 2005-02-07 at 14:41 -0500, Kevin Conaway wrote:
> > A followup question:
> >
> > Once the data (be it a password or a key) has been read into memory,
> > what is an effective and secure way of minimizing the window that the
> > plaintext key or password is in memory?
> >
> > If the data is read into a char [] and then overwritten with junk
> > data, would that work?
> Not if your buffer gets swapped out beforehand, but the window of
> opportunity remains short.

If you are on a system where you can use mlock(), that can help minimize
the swapped-out-buffer issue.  Not sure if you can get at mlock() from the J2EE
environment, though....
