3

I have a general question regarding how to securely clear sensitive data from memory when not used any more...

I make an SQL query resulting in a DataTable dt..

When I leave the form I call dt.Dispose(); and even gc.Collect(); to be sure...

But if I make a memory dump of the process after this, I can easily get to all the data of that Table. Even if I have left the context in which they should be accessible...

This can be a security issue, and I'm wondering how this is generally handled in c#/.net ? Also for other objects...

Thanks in advance for any guidance

Liam
  • 27,717
  • 28
  • 128
  • 190
Beaker
  • 227
  • 2
  • 14
  • 6
    IF this is a genuine security issue for you, managed code is probably the wrong tool for the job, to start with. – Damien_The_Unbeliever Jul 06 '16 at 10:51
  • 3
    You should set `dt = null;` instead of disposing http://stackoverflow.com/questions/913228/should-i-dispose-dataset-and-datatable and swich from debug to release mode – fubo Jul 06 '16 at 10:52
  • @fubo - the only time that setting a variable to null would be relevant is if it is a field/property of an object that is anticipated to have a longer lifetime than the object currently pointed to by that variable. By the OPs statement of "I have left the context in which they should be accessible", I doubt that this is the situation. – Damien_The_Unbeliever Jul 06 '16 at 10:53
  • 1
    @Damien_The_Unbeliever OP says that he is out of the context but you don't know the code. He could be overlooked that part aswell. And i've made the experience that debug mode keeps the data longer than necessary. – fubo Jul 06 '16 at 10:58
  • I wonder in what environment the unwanted user can access the machine when the process is running and dump the memory? – Stephen Zeng Jul 06 '16 at 13:46

0 Answers0