is .net caching sensitive data will be dangerous in manner of security or have any security issues?

Question

I am using asp.net 4. i wonder if it will be secure to caching sensitive data? is it dangerous in manner of security or any other security issues?

Answer 1

Well yes. Inherently holding onto something means there's more chance of someone who shouldn't get it, getting it. If it's sensitive, then it's a newly introduced danger.

The two pertinent questions are:

1. How likely is it to be leaked.
2. How sensitive is this.

Something cached in memory isn't very likely to be leaked, but it's possible.

Something cached in memory and accessible through a session or a cookie is more likely to be leaked (hijack the session or the cookie, respectively).

Something cached in a database is more likely to be leaked (it's easier to steal a file than a memory dump).

Take for a real-world example, websites that have a "remember me" option. This one does, and most social sites do. It increases the risk that someone could get the data necessary to impersonate you, but really the worse that this could mean is they go around Spamming until your account gets banned - annoying but not the end of the world.

Most banking sites do not have a "remember me" option. The risk of leakage is just as low (indeed lower if they insist you confirm before certain operations), but the value of the equivalent data is much higher, and the risk is no longer acceptable.

Edit: One important thing to note in the example I give. Sites that "remember you" do so by remembering in some way that you are logged in, not the user/pass necessary to do so (sites like this using OpenID don't even see a user/pass). If you were remembering a user/pass you risk leaking a user/pass used in lots of sites, rather than risking let someone log in to just your site, so the risk is much higher again.

Answer 2

I tend to cache the encrypted data and only do decryption at the point of request. Finally zeroing out the memory.

Guess if it was left in memory, in plain text, it would not be too hard for an attacker to work things out from a memory dump.

Answer 3

As per Microsoft's pattern & practices this what they suggest

Do not cache sensitive data

If your service method contains data that is sensitive, such as a password, credit card number, or account status, it should not be cached. If sensitive data is cached on the client machine, it has serious security implications because it leaves interesting data available to attackers.

Perform the following steps to ensure that sensitive data is not cached:

Review operations for sensitive data. Review all of your operations for usage of sensitive data. This could include but is not limited to: Information that either contains personally identifiable information (PII) or can be used to derive PII that should not be shared with users Information that a user provides that they would not want shared with other users of the application Information that comes from an external trusted source that is not designed to be shared with users Review the operations for caching of sensitive data. Review how each operation manages sensitive data and ensure that it is not cached. There are three patterns of sensitive data caching that you can review for: Custom caching code such as use of a Dictionary or SortedList object Use of the ASP.NET cache via System.Web.Caching.Cache. Use of an Enterprise Library caching block

Answer 4

It depends what you do with it. The data is held in the memory of the web server. There would be no way to access this data, unless you wrote a way to do it, or the attacker had access to your source code & write access to the web app.