I think we need a new sub-forum for "Security", but I'll post here for now.

I am wondering about recommendations on where to store secret keys used for encrypting or signing things. I'm hoping Jeroen at DAE will answer, as he seems to be the point-man on security stuff in the community ATM, but I'd be interested in anybody's views. I could have just asked him directly by e-mail, but I think this is a subject we could all do with best-practice guidance on.

The mechanism DAW seem to have chosen is to have these in files in the AppSrc directory of a project where they get compiled into an app, but need never be a (visible) part of the deployed application (LoginEncryption.pkg --> LoginEncryptionKey.inc for instance).

However elsewhere (in his EDUC presentation for one) Jeroen said:
Note that the key variable is passed by reference. This ensures that we do not have multiple copies of the key in memory. The library will overwrite it with zeroes before returning from Initialize, so it will only be in memory for a very short period of time. Hackers will hate us for this.
So what Jeroen seems to be concerned about is secret keys lying around in memory, which with, say, a web app running 20 processes in a pool, the DAW method would do quite a bit of, being vulnerable to something like the Heartbleed problem (I love it that XKCD is the best explanation of that ). (If you think that is safe, try opening a DataFlex exe file with a password in it in, say, Notepad++: the password is right there in clear text, although identifying it as such is not so easy.) From that PoV having such keys in memory for any length of time is to be avoided, which points to them having to be somewhere else.

The database, maybe? That has issues as well, IMO.

Somewhere on disk, to be read when required then immediately overwritten with zeros? You might argue that if an attacker can access the disk then your security is already deeply compromised! However I don't know what might still be in memory after such a disk read. Maybe that is a problem too. In addition, unauthorised employees might be able to access files on disk, even if external hackers cannot.

Answers on a postcard!

Mike