WebApp Sec mailing list archives
Re: secure storage of sensitive data in J2EE
From: exon <exon () home se>
Date: Thu, 10 Feb 2005 23:33:25 +0100
Michael Silk wrote:
Exon said:Because it's supposed to be encrypted when it arrives over the network.And how can that happen in such a way that an application listening to the incoming information can't get at it first?
It can't, but protecting pieces of memory from prying eyes was what this discussion was about. If the key to decrypt the incoming message is stored in a secure manner (and deleted securely once the transaction is over), there is no way the eavesdropper can read it (always assuming the encryption algorithm is sound). This is more or less why encryption was invented, in case anyone hasn't done their homework. If you take encryption out of the mix there's no way to protect the data.
/exon
Current thread:
- RE: secure storage of sensitive data in J2EE, (continued)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE Olaf Reitmaier (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 09)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- Re: secure storage of sensitive data in J2EE Michael Silk (Feb 09)
- RE: secure storage of sensitive data in J2EE Michael Howard (Feb 10)
- Re: secure storage of sensitive data in J2EE exon (Feb 10)
- RE: secure storage of sensitive data in J2EE Michael Silk (Feb 11)
- Re: secure storage of sensitive data in J2EE exon (Feb 14)