http://qs321.pair.com?node_id=915518


in reply to RFC: SecureString - Obfuscated / masked strings except when you need them

Sorry if I'm missing the point, but why can't you just not log the sensitive data?

Re^2: RFC: SecureString - Obfuscated / masked strings except when you need them
by duelafn (Parson) on Jul 19, 2011 at 21:13 UTC

    Indeed, possible. That falls under the "Be more careful" option; however, the assumption of "CONSTANT VIGILANCE!" is the enemy of good security. Up until now, I have stuck with the constant vigilance approach, but it can get difficult. For instance, some systems save values/query parameters into some form of "global" request object/hash then pass that thing around. While that is a bad idea security-wise (for exactly this issue), it is not an uncommon approach and can be done in a reasonable way (meaning, I have seen at least one system that did this that was robust and not painful to work with).

    So far, I think that an approach such as SecureString would be easier/safer in these situations, and probably also in more security-ideal situations. Of course, I've been mulling the idea around subconsciously for a while and I wrote the thing, so of course it looks like a good idea to me. I am not yet sure whether this type of approach falls in the "good idea" camp or the "gimmick that on the surface looks like a good idea, but falls down in practice or leads to bad practices or is just plain silly" camp.

    Good Day,
        Dean
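
The situation described in the reply above (a request hash that is passed around and ends up in a log line or a dump), as an added example that is not part of the thread and is not the SecureString module from the RFC. The `MaskedValue` package, its `reveal` method and the sample request data are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical wrapper, NOT the RFC's SecureString API.
package MaskedValue;
use Scalar::Util qw(refaddr);
use overload
    '""'     => sub { '********' },   # interpolation, print and join see the mask
    fallback => 1;

# Inside-out storage: the plaintext is not held inside the object,
# so dumping the object's structure does not expose it.
my %secret_for;

sub new {
    my ($class, $plain) = @_;
    my $self = bless \(my $anon), $class;
    $secret_for{ refaddr $self } = $plain;
    return $self;
}

# The only way to get the plaintext: an explicit, greppable call.
sub reveal  { $secret_for{ refaddr $_[0] } }
sub DESTROY { delete $secret_for{ refaddr $_[0] } }

package main;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;

# Constructed sample: a "global" request hash as described in the reply.
my %request = (
    user     => 'dean',
    password => MaskedValue->new('hunter2'),
);

# A careless log line built from the whole hash shows the mask only.
my $log_line = join ', ', map { "$_=$request{$_}" } sort keys %request;
print "request: $log_line\n";

# A debug dump of the hash shows a blessed empty scalar, not the secret.
print Dumper(\%request);

# Code that really needs the value asks for it explicitly.
print "credential check passed\n"
    if $request{password}->reveal eq 'hunter2';
```

Because unmasking requires a call to `reveal`, a code review or a `grep` for that method name lists every place the plaintext can escape.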