Security Question

Hot Topic

VS hangs when trying to open/create a project
Build exe with images from VS2003
why multiple inheritance of classes in not supported in C#?
Accessing data from a DataList
are using statements nestable?
extracting data from comma delimited string
[newbie] Thread.Sleep and Button's color change
Designer Generated Code: SizeF
Beware my nasty code! - how can I simplify this?
dll not found exception (Newby!!)

Visual C#

Enum versus Domain objects
Unmanaged to managed code
How to access extensionAttribute1 with PropertySheetExtension of AD User?
help me to convert vb.net property to c# syntax
try/catch block not working
Unable to delete folder - being used by another process
Properties in C#
RadioButton
some questions I could use a little help with
Strange behavior in catching COMException

Security Question

Hello,

I have an application that will be processing secure data. The secured data is never stored anywhere. It is placed into an object (an arraylist to be exact) then once it is finished processing the arraylist gets disposed. How secure is this I understand that objects are saved into memory but, is there anywhere else on a computer that an object could be saved at also is disposing an object a secure way to "erase" the object and data from memory

Thanks,

Quilnux

Answer this question

Security Question

  • a3b2c1r46

    You can't get it 100% secure. The best thing you can do is secure the server or clients PC's where this application will be running. You can encrypt the values in the arraylist, but when you decrypt them you will have the decrypted (unsafe) data in memory. But this will be harder to track and trace.

    If posible you should decrypt the value in blocks, the the full encrypted data is minumum in you application.

    But remember that everything can be traced!



  • Darren.Sim

    disposing an object basically means to get rid of it and return the resources used back to the OS - anything can be tracable really since its written in memory. As long as you are not writing it to disk for example, that way is better (in mem) otherwise its easier to be traced on by disk. I'm not entirely sure how secure it would be in storing it into the mem, since that is what the arraylist does/uses. If you can, encrypt and decrypt data in the arraylist and use it that way.

  • dbcuser

    Thanks guys,

    Sounds good. I definately will encrypt the data but from both of your posts it sounds like memory will be the best area so, it only will sit for 10 seconds at most so sounds good. Thank you guys again.

    Quilnux
  • Security Question
Answer this question