Do Not Cache Sensitive Data
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
If your service method contains data that is sensitive, such as a password, credit card number, or account status, it should not be cached. If sensitive data is cached on the client machine, it has serious security implications as it leaves interesting data
available to attackers.
To ensure sensitive data is not cached use the following steps:
- Review operations for sensitive data. Review all of your operations for usage of sensitive data, this could include but is not limited to:
- Information that either contains personally identifiable information or can be used to derive personally identifiable information that should not be shared with users.
- Information that a user provides that they would not want shared with other users of the application.
- Information that comes from an external trusted source that is not designed to be shared with users.
- Review the operations for caching of sensitive data. Review how each operation manages sensitive data and ensure it is not cached. There are three patterns of sensitive data caching you can review for:
- Custom caching code such as use of a Dictionary or SortedList object
- Use of the ASP.NET cache via System.Web.Caching.Cache.
- Use of Enterprise Library caching block