[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Credentials held unencrypted in memory during runtime

From: Feldhacker, Chris <Feldhacker.Chris_at_principal.com>
Date: Tue, 12 Apr 2011 08:25:57 -0500

CERT provides secure coding best practices:
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637

Chapter 8 covers "Memory Management", with the following relevant topics:

MEM03-CPP. Clear sensitive information stored in returned reusable resources
MEM06-CPP. Ensure that sensitive data is not written out to disk

Complete with good/bad coding examples.

Rationalizing why something is/is not a security issue by scenario examples or logic of "it would just be easier for an attacker to do X" misses the point and does not foster secure software. Lots of really smart people have chewed on these problems for years and secure coding best practices have been established as a result.
If TortoiseSVN doesn't want to follow secure coding best practices so be it, but trying to justify these decisions by arguing it's not a security issue runs counter to CERT and many other industry recognized security experts.

Is the argument that secure coding best practices are wrong?
Why not be safe rather than sorry?

(BTW, "pervasive memory scraping" is the term being used these days -- apparently the SANS Institute identified this as the top threat for this year. A good Google search will turn up lots of references, and one counter-measure in a defense-in-depth strategy is to ensure in-memory sensitive data is handled appropriately...)

-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect_at_principal.com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.

While this communication may be used to promote or market a transaction
or an idea that is discussed in the publication, it is intended to provide
general information about the subject matter covered and is provided with
the understanding that The Principal is not rendering legal, accounting,
or tax advice. It is not a marketed opinion and may not be used to avoid
penalties under the Internal Revenue Code. You should consult with
appropriate counsel or other advisors on all matters pertaining to legal,
tax, or accounting obligations and requirements.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719087

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 15:26:11 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.