[WEB SECURITY] Encrypting Client Data
jim at manico.net
Sun Jun 12 00:06:44 EDT 2011
Since this is for a high-assurance/low-risk app....
The only slight risk with this mechanism (if it is a Java system) is
how little you can depend on garbage collection. The other problem
involves strings getting stored in the JVM string pool for a
non-deterministic amount of time. You may want to do your crypto
operations in a separate process that kills the JVM right after each
individual crypto action.
>> The database information is now secure and you only
>> need to protect the encryption keys at the application
>> layer - which is a completely different conversation...
> Precisely, their proposed model does exactly what you said, and their
> method for storing the keys is, well, not to store them; just pass the
> key off to the end-user and have them keep it stored on their end and
> provide them to the application when needed. The people who want the
> application built are very risk-averse and don't trust the keys to be
> stored anywhere that the server/application/staff has direct access to
> them. Personally, I'd prefer a more standard key management system
> but the thought of us even having both the encrypted data and the keys
> makes the business very, very nervous. Eventually the data and keys
> have to come together, so there is always some risk, they just want it
> to be as reduced as possible and still get the application built.
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
More information about the websecurity