security - Is there a way to reliably delete/wipe a variable (i.e. key/password) in JavaScript? -


Today there is a crypto library for JavaScript and therefore there may be a situation where the password / key / secret / sensitivity A variable in javascript is stored

I do not want to take this risk that this sensitive data has been leaked / disclosed and therefore I want to know that javascript is a powerful way to wipe a variable The way, so About the data Awaskript engine will not balance information? For example, I did not want to trust some GC so data could become sluggish.

An answer can be an example code which kills / omits a variable and also gives an explanation (and if there are differences on what type of javascript implementation browsers / nodes) it relies on Does that data have been deleted?

Otherwise if the job is impossible, then I appreciate the explanation why this is and it also accepts it.

Script Variables for the target webpage user Can not be accessed). The goal is to ensure that the memory of the Javascript engine does not contain copies of the shadow / cache of data, after the required point I want the data to be finished so that any (attacker software) memory related to JavaScript variables Seeing the secret data can be obtained

Javascript trash is collected. Apart from this, no mechanism has been created for destinies resource management. You can do one, but resources must be external.

Even if you get this kind of mechanism (C ++ node in external module), when you get the copy of their memory approved, the engine does not guarantee you a strong guarantee. You must manually assign the same variable parts of the resource data and replace it with junk. This potential works but is not guaranteed at the engine level.

This is not a problem that Javascript is implemented well to implement this point. nobody is here . He said - working on the variants of ECMAScript (JS standard) which guarantees you a stronger one is a good first step towards addressing this problem (but no such guarantee yet).

I do not even want to start on the browser, where browser extensions can easily get better hooks from you and write function.prototype.col and hook on each function call In Javascript, there is a lot of powerful AOP capabilities built, in this example worse than that.

A potential solution would be to run the entire program in a VM which uses encrypted RAM, but I am against making my own crypto roll in this way. Generally, an attacker should not have access to your program's RAM in the first place, if they do, they can install a browser extension :)

Comments

Post a Comment

Popular posts from this blog

Java - Error: no suitable method found for add(int, java.lang.String) -

I'm in the middle of homework work and I'm stuck. At this point in my code, I think that I should have a GUI window that opens and allows me to type "inserted text number". Notice is not going anywhere but at this point, If I pass through the problem then it will be in a linked list. I am getting two of the same error for the lines. Add (index, element); And I can not seem to get past it, there is no suitable method for the error "add (int, java. string string)". Code is below, please advise. To clarify - this will not be a method error because it is a linked list. There should not be any way involved. import java.awt. *; Import java.awt.event. *; Import javax.swing. *; Import java.util. *; Import java.util.Scanner; Import java.util.LinkedList; Public class TopTenList JFrame {Private TopTenList tt; See the Private JTextArea list; Private JTextField cmdTextField; Private JTextField resultsTestfield; // This GUI window is the code for the public toptist...
Read more

java - JPA TypedQuery: Parameter value element did not match expected type -

I am using JPA 2.0 and getting the following code in the DAO layer: Public Zero Test () {string key = "status"; String [] Conditions = {"A", "B"}; & Lt; TestTable & gt; Results = Search (Keys, Conditions); } Public listing & lt; TestTable & gt; Search (string key, object value error) {string sql = "test ndf to testlet and jade nand." + Key + "in:" + key; TypedQuery & LT; TestTable & gt; Query = entityManager.createQuery (SQL, TestTable.class); Query.setParameter (key, Arrays.asList (valueArr)) / *** Error Line *** Return query.getResultList (); } In the above error line, it throws the following exception: java.lang.IllegalArgumentException: parameter value element [[Ljava.lang.String; @ cbe5bc] did not match the expected type [java.lang.String] Why is this expected type string while actually this string []? Please help! Note: This is derived from the normal routine and is a simplified code. I can no...
Read more

c++ - static template member variable has internal linkage but is not defined -

Yes, I know, there is a question with almost the same title, but it refers to a different situation. Error message) In my case, I have a .cpp file with a big named designation name (implementation details). There is a property class template with a static data member in that name space, which I need to access from outside the unknown namespace. I give it a little bit of meat: file.hpp namespace Bar {template & lt; Typename A & gt; Struct foo {static_assert (is_same & lt; a, float & gt; :: value} is_same & lt; a, double>: value, ""); Fixed zero set_static_var (a const & x); // ...}; } and file.cpp namespace {template & lt; Typename A & gt; Struct foo_traits {// supports the implementation of several static code bars: foo & lt; & Gt; Fixed A data; }; The template's & lt; & Gt; Float foo_traits & lt; Float & gt; :: datum; // No change if this is in the global namespace template & lt; & Gt; Doub...
Read more