How to clear sensitive memory in JavaScript?


Question

I have a login form for a user to type his/her password. This form is bound to an AngularJS model. Suppose that in the corresponding controller the user-given password is available via $scope.password.

The actual login procedure is handled by this function call: login($scope.email, $scope.password). After that procedure the application logic does not need the password anymore and my wish is to clear it from the browser's memory.

To me, the most obvious question is: what can I do right after calling login($scope.email, $scope.password) in order to clear the memory holding the value that $scope.password is currently bound to? This question is valid for JavaScript in general, I hope.

But then, following up from here, I have two more AngularJS-specific questions:

  • Is the password form value bound to more AngularJS-internal variables than just to $scope.password? In that case, overriding $scope.password would not be helpful.

  • When switching the view, the controller corresponding to the old view and its scope become "destroyed". Should I simply rely on the garbage collection to clear the memory containing the password within a short time interval after switching away from the login view?

Recommended answer

As nothing in the various web browser related scenarios makes commitments about the contents of browser memory, you can never be sure that you are clearing memory.

Consider the simple JS code:

x=1234;
x=5678;

Even in such a simple snippet you have no guarantee that you've actually removed 1234 from memory. All you know is that when you reference x its value will be 5678. You don't know if 5678 overwrote 1234 or was written to a new memory location.

Similarly, once the user has entered their password in response to a form containing:

<input type="password" name="p">

You have no guarantee that you can ever erase the memory holding their password; even if you run the form again.

The only way around these limitations is to write a fat client that is run as a desktop app or browser plugin.

Note that none of the above is meant to state that browsers are sloppy with secrets in their memory. They generally try to prevent memory examination vulnerabilities. It's just that you have no insight into what they do and how you can leverage it. Even if you did, it would be specific to each browser version.

So, unless you feel that you need to protect the password more than, for example, your bank, get used to the fact that you must put your users' passwords into the (hopefully) trustworthy hands of the browser.
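The following is an added example, not code from the question or the answer above. It makes the answer's point concrete: a JavaScript string is immutable, so reassigning the variable that held it does nothing to the old string object, and any other reference (a framework-internal binding, for instance) keeps the secret alive until the garbage collector gets to it. It then goes one step beyond the answer and shows the closest JavaScript gets to wiping: copying the secret into a typed array that the code controls and overwriting that buffer with `fill(0)` once it has been used. This is still only best effort, because the string the input element produced already exists and cannot be overwritten; the `withSecretBytes` and `demoLogin` helpers and the sample password are constructed for this illustration.

```javascript
// Added example (not from the original question or answer).

// Part 1: strings are immutable. Reassigning the variable leaves the old
// string object untouched; anything else that still references it keeps
// the secret alive until the garbage collector reclaims it, at a time the
// application does not control.
function reassignDoesNotWipe() {
  let password = "constructed-sample-pw";   // constructed sample value
  const stillReferenced = password;         // e.g. a framework-internal binding
  password = "";                            // "clearing" the variable
  return stillReferenced;                   // the old value is still intact
}

// Part 2: a typed array is mutable, so its contents can be overwritten in
// place. This is the closest JavaScript gets to zeroing memory. It remains
// best effort: the string handed over by the <input> element is a separate,
// immutable object that this code cannot overwrite.
function withSecretBytes(secretString, use) {
  const bytes = new TextEncoder().encode(secretString);  // UTF-8 copy we control
  try {
    return use(bytes);
  } finally {
    bytes.fill(0);   // overwrite the buffer before releasing it, even on error
  }
}

// Simulated login: the callback stands in for handing the bytes to the
// login call (nothing is sent anywhere). It keeps a reference to the buffer
// so the caller can confirm it was wiped after use.
function demoLogin(secretString) {
  let captured;
  const length = withSecretBytes(secretString, (bytes) => {
    captured = bytes;        // retained only to inspect the wipe afterwards
    return bytes.length;     // stand-in for "use the secret"
  });
  const wiped = captured.every((b) => b === 0);
  return { length, wiped };
}
```

Running `demoLogin("constructed-sample-pw")` returns `{ length: 21, wiped: true }`: the buffer was usable inside the callback and is all zeros afterwards. `reassignDoesNotWipe()` still returns the original string, which is exactly the situation the answer describes for `$scope.password`.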
