How to use JavaScript to flush the memory of the browser to hide it from memory-reading tools, especially WinHex?

StackOverflow https://stackoverflow.com/questions/23387359

Question

The POST request on the Login page containing the username and password of the user is stored in the browser memory. The browser's memory can be read using memory-reading tools like WinHex. An adversary with access to the user's open browser, after logout, can thus steal the password from the memory. How can I use JavaScript to flush the memory of the browser or browser-cache?

One option I have is to encrypt passwords, but that is a lengthy process. Can't JavaScript do the job?


Solution 2

The best solution would be to use a salted hashing technique.

This technique ensures that even if someone reads the memory, the password is not visible in clear text. Also, it is impossible to retrieve the password, as the attacker would require the salt that was used to hash the password before transmission.

http://palisade.plynt.com/issues/2004Aug/passwords-in-memory/

http://plynt.com/blog/2006/06/sending-salted-hashes-just-got/
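The exchange this answer describes, as an added example that is not part of the original answer or the linked articles: the server issues a one-time salt with the login page, the page's script POSTs a salted hash instead of the password, and a resent copy of that POST body is rejected. The construction SHA-256(salt + SHA-256(password)) and the names `LoginServer`, `issueSalt`, `verify` and `clientResponse` are assumptions; the code runs in Node.js, and in a browser the client half would use `crypto.subtle.digest`.

```javascript
// Added illustration; names and the exact hash construction are assumptions.
const nodeCrypto = require("node:crypto");

const sha256Hex = (s) =>
  nodeCrypto.createHash("sha256").update(s, "utf8").digest("hex");

// Server side: keeps a hash of each password and the salt it last issued.
class LoginServer {
  constructor() {
    this.verifiers = new Map();    // username -> SHA-256(password)
    this.pendingSalts = new Map(); // username -> one-time salt
  }
  register(username, password) {
    // The stored hash is password-equivalent in this scheme; protect it as such.
    this.verifiers.set(username, sha256Hex(password));
  }
  // Sent with the login page: a fresh random salt for this attempt.
  issueSalt(username) {
    const salt = nodeCrypto.randomBytes(16).toString("hex");
    this.pendingSalts.set(username, salt);
    return salt;
  }
  // Checks the POSTed value; the salt is consumed whether or not it matches.
  verify(username, response) {
    const salt = this.pendingSalts.get(username);
    const verifier = this.verifiers.get(username);
    this.pendingSalts.delete(username);
    if (!salt || !verifier) return false;
    const expected = Buffer.from(sha256Hex(salt + verifier), "hex");
    const got = Buffer.from(String(response), "hex");
    return got.length === expected.length &&
      nodeCrypto.timingSafeEqual(got, expected);
  }
}

// Client side: what the login page's script computes before the POST.
function clientResponse(password, salt) {
  return sha256Hex(salt + sha256Hex(password));
}

// Constructed sample run: one valid login, then the same POST body resent.
function demo() {
  const server = new LoginServer();
  server.register("alice", "correct horse");
  const salt = server.issueSalt("alice");
  const postBody = clientResponse("correct horse", salt);
  const firstTry = server.verify("alice", postBody);
  server.issueSalt("alice"); // the next login page carries a new salt
  const replay = server.verify("alice", postBody);
  return { postBody, firstTry, replay };
}
```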

OTHER TIPS

You cannot. JavaScript provides no manual memory management features or ability to force clear the user's cache.

Licensed under: CC-BY-SA with attribution