Cleanup of sensitive filesystem data
Mark Wieder
mwieder at ahsoftware.net
Sat Feb 7 20:56:20 EST 2015
Andrew-
<snipped>
ok - this is the first time I've poked my head into this thread... I
just deleted the whole thing without reading since it didn't have a
title. Now it looks like I missed an interesting discussion.
> The only way to be *sure* of the cleanup that you are requesting -- and
> of the simultaneous security of your unencrypted data -- is to store it
> *only* in memory and never allow it to be written to disk.
Yes, barring something like a Heartbleed-style attack.
> You also mentioned cleaning up left-over files from previous
> instantiations of your program the next time it runs. This is
> problematic. Performing this operation requires a predictable naming
> scheme for your temporary files, but if you use a predictable naming
> scheme then there are a number of trivial attacks that can be made on
> your program to intercept its temporary files.
> In summary, I recommend that you rethink your approach; avoid storing
> unencrypted, sensitive data in the filesystem.
Agreed. If you need to store the data in files, I'd store it
encrypted, then decrypt it on the fly as needed. There's really no
completely safe way to do what you want otherwise.
--
-Mark Wieder
ahsoftware at gmail.com
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not
consent to the retrieving or storing of this communication and any
related metadata, as well as printing, copying, re-transmitting,
disseminating, or otherwise using it. If you believe you have received
this communication in error, please delete it immediately.
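
An added example, not part of the original post or of LiveCode: a Python sketch of the temporary-file point discussed above, assuming a POSIX system. The function names and the "myapp.tmp" path are hypothetical; the planted symlink is a constructed scenario inside a throwaway directory.

```python
import os
import stat
import tempfile


def open_predictable_exclusive(path):
    """Create `path` only if nothing is there; O_EXCL refuses a pre-planted
    file or symlink instead of writing through it."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def scratch_file(directory=None):
    """Return (fd, name, mode) for a randomly named, owner-only file that is
    unlinked at once, so nothing is left to find or clean up on the next run."""
    fd, name = tempfile.mkstemp(prefix="scratch-", dir=directory)
    mode = stat.S_IMODE(os.fstat(fd).st_mode)
    os.unlink(name)  # the data is now reachable only through fd
    return fd, name, mode


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed scenario: a symlink already sits at the predictable
        # name and points at a file someone else can read.
        other_file = os.path.join(workdir, "readable-by-others")
        open(other_file, "w").close()
        predictable = os.path.join(workdir, "myapp.tmp")
        os.symlink(other_file, predictable)
        try:
            os.close(open_predictable_exclusive(predictable))
            results["planted_link_refused"] = False
        except FileExistsError:
            results["planted_link_refused"] = True
        results["other_file_size"] = os.path.getsize(other_file)

        fd, name, mode = scratch_file(workdir)
        os.write(fd, b"sensitive")
        os.lseek(fd, 0, os.SEEK_SET)
        results["read_back"] = os.read(fd, 16)
        results["mode"] = mode
        results["name_still_on_disk"] = os.path.exists(name)
        os.close(fd)  # the storage is released here, or when the process dies
    return results


if __name__ == "__main__":
    print(demo())
```

Unlinking removes the name, not the blocks already written, so this does not replace the advice in the thread to keep the data encrypted or in memory.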
More information about the use-livecode mailing list