I recently realized when you save a password in a variable, it's actually stored as plain text in the memory.
I know the OS does a good job by forbidding processes from accessing other allocated memory. But isn't it still bypassable? Is there a safer way to store passwords to make sure processess can't access them?
What platform? What OS? If your programming is receiving a password and holding it in a variable, it's up to your programming to protect it. An OS (perhaps depending on hardware/firmware memory management) generally isolates address spaces from different processes; but that can't provide any guarantee if you don't control the machine.
More detail would be useful, particularly any programming (or scripting) technologies being used.
Is it safe? Well, it depends...You'll have to draw your own conclusions based on business needs, however, as I outline here, anyone with access to the machine can do just about anything with a hex editor (including finding passwords in memory): https://searchenterprisedesktop.techtarget.com/tip/Find-Windows-vulnerabilities-with-a-hex-editor
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!
Discuss This Question: 2 Replies
What platform? What OS? If your programming is receiving a password and holding it in a variable, it's up to your programming to protect it. An OS (perhaps depending on hardware/firmware memory management) generally isolates address spaces from different processes; but that can't provide any guarantee if you don't control the machine.
More detail would be useful, particularly any programming (or scripting) technologies being used.
Tom