How do I clear sensitive memory in JavaScript?
I have a login form for the user to enter their password. This form is associated with the AngularJS model. Suppose the user password is accessible through the corresponding controller $scope.password
.
Actual login procedure processed this call functions login($scope.email, $scope.password)
. After this procedure, the application logic no longer needs the password and I want to remove it from the browser memory.
For me, the most obvious question is, what can I do right after the call login($scope.email, $scope.password)
to clear the memory containing the value it is bound to $scope.password
? Hopefully this question applies to JavaScript in general.
But then following from here I have two more AngularJS related questions:
-
Is the password form value tied to more internal AngularJS variables than just
$scope.password
? In this case, overriding$scope.password
would not have helped. -
When you switch the view, the controller corresponding to the old view and its scope become "destroyed". Should I just rely on garbage collection to clear the memory containing the password within a short amount of time after going out of login mode?
source to share
As nothing in various web browser-related scenarios makes commitments to the content of the browser, you can never be sure that you are clearing memory.
Consider a simple JS code:
x=1234;
x=5678;
Even in such a simple snippet, you have no guarantee that you have actually removed 1234
from memory. All you know is that when you link to x
, its meaning will be 5678
. You do not know if 5678
1234
it has been overwritten or written to a new memory location.
Likewise, once the user has entered their password in response to a form containing:
<input type="password" name="p">
You have no guarantee that you can erase memory with their password; even if you run the form again.
The only way to get around these limitations is to write a thick client that runs as a desktop application or browser plugin.
Please note that none of the above means browsers are sloppy with secrets in their memory. Typically, they try to prevent memory vulnerabilities. You just don't understand what they are doing and how you can use it. Even if you did, it would be specific to each browser version.
So, if you don't feel like you need to protect your password more than, say, your bank, take advantage of the fact that you have to put your users' passwords in the safe hands of the browser. p>
source to share
If this is a real risk to your application, your only real choice is to create a login page that is separate from the application.
To submit a password, you can use the standard login form, the response will force the browser to fetch a new page, and all existing memory with the password is ignored.
source to share