I'm not sure how to ensure the memory that a VFP string is occupying is zeroed out for protection purposes. I know in .NET this is a nightmare for strings but is it easier with VFP. Lets say I have some sensitive unencrypted data in a string in VFP what can I do to clear that out immediately once I'm done with it?
Hope this makes sense.
Regards
Richard
<- NozFX ->
There's no 100% reliable way to do this as VFP internally allocates and stores string storage on the heap. There's no 100% guarantee for how the string data will be stored and cleared. However, VFP internally uses character arrays and is optimized to not allocate new string data for every string. So if you replace a string with one that is smaller or the same size it *should* actually replace the original content in place.
So replacing a string with blank characters of the same size as the string to clear would effectively wipe out the memory as VFP does use plain memory character arrays and byte swapping for optimization.
So I think this:
lcString = "SECRET STUFF"
* ... do super secret stuff here
lcString = SPACE(LEN(lcString)) && clear by replacing
lcString = .F. && deallocate
would do the trick as best as you can do within Fox code.
+++ Rick ---
Hi All,
I'm not sure how to ensure the memory that a VFP string is occupying is zeroed out for protection purposes. I know in .NET this is a nightmare for strings but is it easier with VFP. Lets say I have some sensitive unencrypted data in a string in VFP what can I do to clear that out immediately once I'm done with it?
Hope this makes sense.
Regards
Richard
West Wind Technologies
Making waves on the Web
from Maui
I was hoping it worked something like this. So we are saying that VFP strings a mutable, where-as .NET strings are immutable, resulting in strings being copied and existing all over the place. Well its a best stab at covering the data for me using VFP at least. .NET has the SecureString class, but its just a workaround for strings IMO, you need to totally avoid strings for it to make any sense, it's a bit of a PITA! Although the SecureString class offers in memory encryption. I was going implement encryption in VFP, probably no where near as secure as what the SecureString class does, pros and cons.... <g>
Thanks for the info, much appreciated.
Regards
Richard
There's no 100% reliable way to do this as VFP internally allocates and stores string storage on the heap. There's no 100% guarantee for how the string data will be stored and cleared. However, VFP internally uses character arrays and is optimized to not allocate new string data for every string. So if you replace a string with one that is smaller or the same size it *should* actually replace the original content in place.
So replacing a string with blank characters of the same size as the string to clear would effectively wipe out the memory as VFP does use plain memory character arrays and byte swapping for optimization.
So I think this:
lcString = "SECRET STUFF"
* ... do super secret stuff here
lcString = SPACE(LEN(lcString)) && clear by replacing
lcString = .F. && deallocate
would do the trick as best as you can do within Fox code.
+++ Rick ---
Hi All,
I'm not sure how to ensure the memory that a VFP string is occupying is zeroed out for protection purposes. I know in .NET this is a nightmare for strings but is it easier with VFP. Lets say I have some sensitive unencrypted data in a string in VFP what can I do to clear that out immediately once I'm done with it?
Hope this makes sense.
Regards
Richard
<- NozFX ->
In my experience none of these 'secure string' measures really helps because at some point you actually need to use the actual string value so it gets copied into main memory to display/edit/use or do anything useful with it anyway. All you're doing with a secure string is potentially minimizing the duration the real string lives in memory. In .NET the garbage collector will wipe out the string quickly if the ref is released. In FoxPro you can manually clear the buffer - I believe. I'm not 100% sure - I'm basing this on what I know about hte string optimizations and preallocations that VFP strings do to optimize string concatenation ops.
Secure/encrypted strings for storage on disk - absolutely. Minimize usage of sensitive strings in code - absolutely. Cleaning up strings as best as you can natively - easy enough to do and a good idea. Anything beyond that IMHO is pure overkill. We're talking about internal memory - somebody has to have control of the machine as an Admin to take a memory snapshot. If that's the case your secure string problem is likely to be the least of your worries.
+++ Rick ---
Hi Rick,
I was hoping it worked something like this. So we are saying that VFP strings a mutable, where-as .NET strings are immutable, resulting in strings being copied and existing all over the place. Well its a best stab at covering the data for me using VFP at least. .NET has the SecureString class, but its just a workaround for strings IMO, you need to totally avoid strings for it to make any sense, it's a bit of a PITA! Although the SecureString class offers in memory encryption. I was going implement encryption in VFP, probably no where near as secure as what the SecureString class does, pros and cons.... <g>
Thanks for the info, much appreciated.
Regards
Richard
There's no 100% reliable way to do this as VFP internally allocates and stores string storage on the heap. There's no 100% guarantee for how the string data will be stored and cleared. However, VFP internally uses character arrays and is optimized to not allocate new string data for every string. So if you replace a string with one that is smaller or the same size it *should* actually replace the original content in place.
So replacing a string with blank characters of the same size as the string to clear would effectively wipe out the memory as VFP does use plain memory character arrays and byte swapping for optimization.
So I think this:
lcString = "SECRET STUFF"
* ... do super secret stuff here
lcString = SPACE(LEN(lcString)) && clear by replacing
lcString = .F. && deallocate
would do the trick as best as you can do within Fox code.
+++ Rick ---
Hi All,
I'm not sure how to ensure the memory that a VFP string is occupying is zeroed out for protection purposes. I know in .NET this is a nightmare for strings but is it easier with VFP. Lets say I have some sensitive unencrypted data in a string in VFP what can I do to clear that out immediately once I'm done with it?
Hope this makes sense.
Regards
Richard
West Wind Technologies
Making waves on the Web
from Maui
Many thanks again for your response. This is a subject area I've been looking into recently. Your points are valid and I'm aware of the fact that at times the string will be definitely exposed, hence the requirement to clear the memory at the earliest possible moment. As to the risk, again, I know it is low and almost certainly 'over-kill' to take any further measures for almost all scenarios.
Looking at this from a security diligence perspective, especially when dealing with issues of code vulnerabilities exposing such data, if you had some sensitive data that you had to hold for a long time but didn't want the risk of it being obtained from memory at all, then I see that protecting that memory a little further wouldn't be necessarily 'over-kill', although how you protect it (encryption for example), has to carefully implemented as the encryption is only as strong (in simple terms) as the key used to encrypt the data. Maybe this is still 'over-kill' but does add a layer of obfuscation at least in this scenario.
I have no direct requirement at the moment, just looking into this area for future works. Although implementing the clearing of sensitive memory is a definite on my list, including the other areas you mention.
Many Thanks
Richard
What is your use case for this secure data exactly?
In my experience none of these 'secure string' measures really helps because at some point you actually need to use the actual string value so it gets copied into main memory to display/edit/use or do anything useful with it anyway. All you're doing with a secure string is potentially minimizing the duration the real string lives in memory. In .NET the garbage collector will wipe out the string quickly if the ref is released. In FoxPro you can manually clear the buffer - I believe. I'm not 100% sure - I'm basing this on what I know about hte string optimizations and preallocations that VFP strings do to optimize string concatenation ops.
Secure/encrypted strings for storage on disk - absolutely. Minimize usage of sensitive strings in code - absolutely. Cleaning up strings as best as you can natively - easy enough to do and a good idea. Anything beyond that IMHO is pure overkill. We're talking about internal memory - somebody has to have control of the machine as an Admin to take a memory snapshot. If that's the case your secure string problem is likely to be the least of your worries.
+++ Rick ---
Hi Rick,
I was hoping it worked something like this. So we are saying that VFP strings a mutable, where-as .NET strings are immutable, resulting in strings being copied and existing all over the place. Well its a best stab at covering the data for me using VFP at least. .NET has the SecureString class, but its just a workaround for strings IMO, you need to totally avoid strings for it to make any sense, it's a bit of a PITA! Although the SecureString class offers in memory encryption. I was going implement encryption in VFP, probably no where near as secure as what the SecureString class does, pros and cons.... <g>
Thanks for the info, much appreciated.
Regards
Richard
There's no 100% reliable way to do this as VFP internally allocates and stores string storage on the heap. There's no 100% guarantee for how the string data will be stored and cleared. However, VFP internally uses character arrays and is optimized to not allocate new string data for every string. So if you replace a string with one that is smaller or the same size it *should* actually replace the original content in place.
So replacing a string with blank characters of the same size as the string to clear would effectively wipe out the memory as VFP does use plain memory character arrays and byte swapping for optimization.
So I think this:
lcString = "SECRET STUFF"
* ... do super secret stuff here
lcString = SPACE(LEN(lcString)) && clear by replacing
lcString = .F. && deallocate
would do the trick as best as you can do within Fox code.
+++ Rick ---
Hi All,
I'm not sure how to ensure the memory that a VFP string is occupying is zeroed out for protection purposes. I know in .NET this is a nightmare for strings but is it easier with VFP. Lets say I have some sensitive unencrypted data in a string in VFP what can I do to clear that out immediately once I'm done with it?
Hope this makes sense.
Regards
Richard
