Bookshelf Apps

Basic rules of secure programming

August 19th, 2008

While writing SecretBook I try to adhere to some basic rules to make SecretBook as secure as possible. I’ve never listed those rules before, so I thought it was about time I did.

1. Never copy a variable containing a password

Instead of passing around a variable containing a password, I try to keep it in one place. Code that needs the password can ask the object that owns the password to use it on its behalf. In the case of SecretBook there is a class called SBCrypto. It owns the password (or, more correctly, a key derived from the password) and is the only place that has access to it. You can ask SBCrypto to encrypt or decrypt something, but you can’t ask it for the password.

2. Don’t retain anything for longer than necessary

Once you’re done with a piece of private information you need to clear it away as soon as possible.

3. Overwrite memory when done

Where possible don’t just deallocate an object, but overwrite the memory so that the underlying data is destroyed.
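A small C illustration of rules 1 to 3, added here and not code from SecretBook: a hypothetical sb_crypto owner holds the derived key and never hands it out, wipes the caller's password buffer as soon as the key is derived, and overwrites its own key through a volatile pointer before freeing. The XOR "cipher" and the byte mixing used for derivation are stand-ins for demonstration, not real cryptography.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy key owner in the spirit of SecretBook's SBCrypto (names hypothetical):
 * the derived key lives only inside sb_crypto; callers can ask it to encrypt
 * or decrypt, never for the key or the password. The XOR "cipher" and the
 * byte mixing below are stand-ins for demonstration, not real cryptography. */
typedef struct {
    uint8_t key[32];
    int have_key;
} sb_crypto;

/* Rule 3: overwrite through a volatile pointer so the compiler cannot drop
 * the store as dead code just because the buffer is freed right after. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Rules 1 and 2: derive a key from the caller's password buffer and wipe
 * that buffer in place before returning, so no plaintext copy lingers. */
sb_crypto *sb_crypto_create(char *password) {
    size_t len = strlen(password);
    sb_crypto *c = len ? calloc(1, sizeof *c) : NULL;
    if (c) {
        for (size_t i = 0; i < sizeof c->key; i++)
            c->key[i] = (uint8_t)((uint8_t)password[i % len] ^ (uint8_t)(i * 31 + 7));
        c->have_key = 1;
    }
    secure_zero(password, len);
    return c;
}

/* XOR buf with the key stream in place (the same call encrypts and decrypts).
 * Fails if the key has already been wiped: the owner decides, not the caller. */
int sb_crypto_xor(const sb_crypto *c, uint8_t *buf, size_t n) {
    if (!c || !c->have_key) return -1;
    for (size_t i = 0; i < n; i++) buf[i] ^= c->key[i % sizeof c->key];
    return 0;
}

/* Wipe the key as soon as it is no longer needed; destroy wipes, then frees. */
void sb_crypto_wipe(sb_crypto *c) {
    if (c) { secure_zero(c->key, sizeof c->key); c->have_key = 0; }
}

void sb_crypto_destroy(sb_crypto *c) {
    sb_crypto_wipe(c);
    free(c);
}
```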

4. Only decrypt when absolutely necessary

Sometimes this is hard work, but it is worth it. For example, when you Copy a value in SecretBook it does not actually decrypt it. All the code does is signal to the clipboard that SecretBook owns the clipboard. When (and if) you do a Paste, the clipboard asks SecretBook for the value, and only then is it decrypted. If you don’t paste, no decryption occurs. That’s also how SecretBook can tell whether you have pasted already, and why it can clear the clipboard after a paste if you have OnePaste enabled.

Some simplistic password applications encrypt your entire file in one go. The downside to that is they also decrypt your entire file whenever you open it.

5. Keep things self contained

Unix, on which Mac OS X is based, has a long history of enabling secure applications. One of the basics of this security is address space protection: one application cannot snoop in the memory of another application. This is why SecretBook is a self contained application and has no plug-ins. You know those Safari plug-in apps that you may be tempted to use? Well, any other plug-in running in the same process can access your passwords. That’s not a risk I’d be prepared to take.

You can’t always keep to these rules; sometimes Cocoa requires you to copy something, for example when you are using a text field. As the Pirates in Pirates of the Caribbean say, “they’re more ‘guidelines’ than rules”, but they are important nevertheless.
