Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Overwrite then set to null

Tags:

c#

sql-server

asp.net

e-commerce

pci-compliance

I am working on a legacy ecommerce platform and have noticed a convention when dealing with credit card numbers. C#

cardnumber = "11111111111111111111";
cardnumber = null;

or in sql

update cards set cardnumber = '11111111111111111111' where customerid = @CustomerID
update cards set cardnumber = null where customerid = @CustomerID

I presume the reasoning is to remove it from memory before setting it to null which may not remove the value. But that reasoning would seem to suggest that SQL Server and/or the .NET VM had vulnerabilities in where just setting it to null would not remove the data completely just say that it is available.

  1. Is my understanding of it correct?
  2. Does it still need to be performed today?
like image 413
tgandrews Avatar asked Apr 19 '13 09:04

tgandrews

1 Answers

I don't know for SQL, but in C#, it doesn't make sense. Since the string is immutable, you cannot override the data, even if you try as hard as you can.

When you write

cardnumber = "11111111111111111111";

This just creates another string in memory, but the old card number is still here, somewhere in the memory.

And when you write

cardnumber = null;

It dereference the previously created string, and now you have a reference cardnumber pointing on nothing. But your string containing real card number is still here.
So this code is not only wrong, it is dangerous because it gives you a false sense of security.

Take a look at what the MSDN said on the SecureString page shared by George Duckett in the comments:

An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.

Further readings:

  • Payment Processors - What do I need to know if I want to accept credit cards on my website?
like image 52
Cyril Gandon Avatar answered Nov 07 '22 23:11

Cyril Gandon
Sign in to Comment

Related questions

An unhandled exception of type 'System.OutOfMemoryException' occurred in System.Drawing.dll Additional information: Out of memory
Find the methods setup on mock using MOQ
Different MVC4 action based on GET variable
MVC4 - Ajax.ActionLink() GET returning 500 internal server error
System.Diagnostics Traces wildcard for source name
Levenshtein distance c# count error type
How to clone UIElement in WinRT XAML C#?
IsolatedStorageFile or Windows.Storage APIs for Windows Phone 8?
Check if app runs on Simulator
Strange behavior from .NET regarding file paths
Get file inside views folder in ASP.Net MVC 4.0
How to expire/update ClaimsIdentity Claims stored in a Web API SessionToken
Read XLS with Protected Book and Sheet via HSSF.EventUserModel
Pattern search in a System.IO.Stream
Is it valid to use `<%= "{0}, {1}", arg1, arg2 %>` in place of `<%= string.Format("{0}, {1}", arg1, arg2) %>` in ASP.NET aspx pages
Task Dataflow, can a data block be changed from completion state?
Put object to Amazon S3 using .net async
parallel.foreach - loopState.Stop() versus Cancellation
Linq Filter row differences in historical
In C#, why you can set a property to its self [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!