Cleanup of sensitive filesystem data
mwieder at ahsoftware.net
Sun Feb 8 02:56:20 CET 2015
OK - this is the first time I've poked my head into this thread... I
just deleted the whole thing without reading since it didn't have a
title. Now it looks like I missed an interesting discussion.

> The only way to be *sure* of the cleanup that you are requesting -- and
> of the simultaneous security of your unencrypted data -- is to store it
> *only* in memory and never allow it to be written to disk.

Yes, barring something like a Heartbleed-style attack.

> You also mentioned cleaning up left-over files from previous
> instantiations of your program the next time it runs. This is
> problematic. Performing this operation requires a predictable naming
> scheme for your temporary files, but if you use a predictable naming
> scheme then there are a number of trivial attacks that can be made on
> your program to intercept its temporary files.
>
> In summary, I recommend that you rethink your approach; avoid storing
> unencrypted, sensitive data in the filesystem.

Agreed. If you need to store the data in files, I'd store it
encrypted, then decrypt it on the fly as needed. There's really no
completely safe way to do what you want otherwise.
ahsoftware at gmail.com
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not
consent to the retrieving or storing of this communication and any
related metadata, as well as printing, copying, re-transmitting,
disseminating, or otherwise using it. If you believe you have received
this communication in error, please delete it immediately.
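
The quoted point about predictable temporary-file names, as an added example that is not part of the original message or of LiveCode: it is written in Python rather than LiveCode, and the file name `myapp-session.tmp`, the `myapp-` prefix and the function names are assumptions made for illustration. It shows a fixed name silently reusing a file that already exists with loose permissions, exclusive creation refusing to do so, and `mkstemp()` creating a fresh owner-only file under an unpredictable name.

```python
import os
import stat
import tempfile

FIXED_NAME = "myapp-session.tmp"  # hypothetical predictable name (assumption)

def write_fixed_name(directory, data):
    # Risky pattern: open() silently reuses whatever already exists at the path.
    path = os.path.join(directory, FIXED_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_exclusive(directory, data):
    # Same name, but O_EXCL makes creation fail if anything is already there.
    path = os.path.join(directory, FIXED_NAME)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_random_name(directory, data):
    # mkstemp(): unpredictable name, created with O_EXCL and mode 0600.
    fd, path = tempfile.mkstemp(prefix="myapp-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    with tempfile.TemporaryDirectory() as shared:
        # Constructed scenario: the fixed name was pre-created, world-readable.
        planted = os.path.join(shared, FIXED_NAME)
        open(planted, "w").close()
        os.chmod(planted, 0o644)
        reused = write_fixed_name(shared, "constructed-secret")
        reused_mode = stat.S_IMODE(os.stat(reused).st_mode)
        try:
            write_exclusive(shared, "constructed-secret")
            refused = False
        except FileExistsError:
            refused = True
        safe = write_random_name(shared, "constructed-secret")
        safe_mode = stat.S_IMODE(os.stat(safe).st_mode)
        return reused_mode, refused, safe_mode

if __name__ == "__main__":
    print(demo())
```

The random name is also what makes next-run cleanup hard, which is the trade-off the quoted text describes.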