Cleanup of sensitive filesystem data

Mark Wieder mwieder at ahsoftware.net
Sun Feb 8 02:56:20 CET 2015


Andrew-

<snipped>
ok - this is the first time I've poked my head into this thread... I
just deleted the whole thing without reading since it didn't have a
title. Now it looks like I missed an interesting discussion.

> The only way to be *sure* of the cleanup that you are requesting -- and
> of the simultaneous security of your unencrypted data -- is to store it
> *only* in memory and never allow it to be written to disk.

Yes, barring something like a heartbleed-style attack.

> You also mentioned cleaning up left-over files from previous 
> instantiations of your program the next time it runs.  This is 
> problematic.  Performing this operation requires a predictable naming
> scheme for your temporary files, but if you use a predictable naming
> scheme then there are a number of trivial attacks that can be made on
> your program to intercept its temporary files.

> In summary, I recommend that you rethink your approach; avoid storing
> unencrypted, sensitive data in the filesystem.

Agreed. If you need to store the data in files, I'd store it
encrypted, then decrypt it on the fly as needed. There's really no
completely safe way to do what you want otherwise.

-- 
-Mark Wieder
 ahsoftware at gmail.com

This communication may be unlawfully collected and stored by the National 
Security Agency (NSA) in secret. The parties to this email do not 
consent to the retrieving or storing of this communication and any 
related metadata, as well as printing, copying, re-transmitting, 
disseminating, or otherwise using it. If you believe you have received 
this communication in error, please delete it immediately.




More information about the use-livecode mailing list