Many applications need to handle sensitive data either in memory or on disk. If this sensitive data is not protected properly, it might lead to loss of secrecy or integrity of the data. It is very difficult (or expensive) to completely secure all the sensitive data. Users tend to use the same passwords everywhere. So even if your program is a simple game which game that stores the user's profile information and requires the user to enter a password, the user might choose the same password he uses for his or she uses for an online bank account for your game program. Now the user's bank account is only as secure as your program enables it to be.
...
Do not hard code sensitive data in programs.
This Hard coding sensitive data is considered very bad programming practice because it enforces the requirement of the development environment to be secure.
...
Memory dumps are automatically created when your program crashes. These memory dumps They can contain information stored in any part of program memory. Therefore, memory dumps should be disabled before an application is shipped to users. See recommendation MEM06-C. Ensure that sensitive data is not written out to disk for details.
...
Sensitive data that is stored in memory can get written to disk when a page is swapped out of the physical memory. (See next point for details with respect to details about keeping sensitive data on disk.) You may be able to "lock" your data to keep it from swapping out. Your program will generally need administrative privileges to do this so successfully, but it never hurts to try. See recommendation MEM06-C. Ensure that sensitive data is not written out to disk for details.
Do not store sensitive data in plaintext (either on disk or in memory).
See recommendation MEM06-C. Ensure that sensitive data is not written out to disk.
While using a password, consider storing its hash instead of plaintext. Use the hash for comparisons and other purposes. The following code [Viega 2001] illustrates this:
| Code Block | ||||
|---|---|---|---|---|
| ||||
int validate(char *username) {
char *password;
char *checksum;
password = read_password();
checksum = compute_checksum(password);
erase(password); /* securely erase password */
return !strcmp(checksum, get_stored_checksum(username));
}
|
...
- Be aware of compiler optimization when erasing memory. (See recommendation MSC06-C. Be aware of compiler optimization when dealing with sensitive data.)
- Use secure erase methods specified in US U.S. Department of Defense Standard 5220 [DOD 5220] or Peter Gutmann's paper [Gutmann 1996].
...
MITRE CWE: CWE-798, "Use of Hardhard-coded Credentialscredentials"
MITRE CWE: CWE-326, "Inadequate Encryption Strengthencryption strength"
MITRE CWE: CWE-311, "Missing Encryption encryption of Sensitive Datasensitive data"
...
Sources
[DOD 5220]
[Gutmann 1996]
[Lewis 2006]
[Viega 2001]
...