Menu
In this question, Mubashar asks about storing sensitive info securely in memory using C#, and is pointed to the SecureString class from .NET. Is there an existing comparable tool that will do this in node.js? Otherwise, which is the way to go about doing this using node resources available?
399
The only way to go is to use a typed array like Uint8Array (the Buffer class is only a thin wrapper) and filling it with null or any other value after use.
But there are some things to consider:
When you get, for example, credentials, you most likely get them as JSON. In that case any efforts are for nought when you don't intercept so the request body doesn't get stored inside a string like any web-framework will do.
When you read API keys from text files, it should be obvious why memory safety might not be the biggest concern. For that one should consider a keystore.
But even then you cannot be really sure that there are no leaks. For example, I doubt that node.js streams clean up after themselves. And even if you override them manually, there could be leaks from copying or system APIs. Even password managers have issues with leaking password.
To summerize: Even if you consider everything, there most likely will be leaks which you cannot prevent.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
