Passwords stored in memory: Is it safe?

351325 pts.
Tags:
Password
Password management
Security
I recently realized when you save a password in a variable, it's actually stored as plain text in the memory.

I know the OS does a good job by forbidding processes from accessing other allocated memory. But isn't it still bypassable? Is there a safer way to store passwords to make sure processess can't access them?

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta

    What platform? What OS? If your programming is receiving a password and holding it in a variable, it's up to your programming to protect it. An OS (perhaps depending on hardware/firmware memory management) generally isolates address spaces from different processes; but that can't provide any guarantee if you don't control the machine.

    More detail would be useful, particularly any programming (or scripting) technologies being used.

    Tom

    125,585 pointsBadges:
    report
  • Kevin Beaver
    Is it safe? Well, it depends...You'll have to draw your own conclusions based on business needs, however, as I outline here, anyone with access to the machine can do just about anything with a hex editor (including finding passwords in memory): http://searchenterprisedesktop.techtarget.com/tip/Find-Windows-vulnerabilities-with-a-hex-editor
    17,440 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following