内存泄漏敏感信息 - Ionic
在我们的应用程序中,在安全测试期间,他们能够从内存转储中获取请求和响应详细信息。 请查找他们从转储中获得的以下详细信息,我们是否可以实施任何选项或流程来消除这种情况的发生:
CordovaHttpPlugin
post https:/XXXXXXXXXX/XXXXXXXXXX/login
username: XXXXXXXX
password XXXXXXX
json
Authorization
Bearer
null
Content-Type
application/json
Accept
text
ionic
安全团队正在使用工具“fridump”来获取内存数据。
我们可以添加离子或工具中的任何可能的方法来避免这种类型的内存转储。
In our application, during the security testing, they were able to get the request and response details from the memory dump.
Please find the following details they were able to get from the dump, is there any option or process we can implement to remove this from happening:
CordovaHttpPlugin
post https:/XXXXXXXXXX/XXXXXXXXXX/login
username: XXXXXXXX
password XXXXXXX
json
Authorization
Bearer
null
Content-Type
application/json
Accept
text
ionic
Security team is using tool "fridump" for getting the memory data.
Is there any possible methods in ionic or tools that we can add to avoid this type of memory dump.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们无法解决这个问题。安全团队建议我们暂时阻止该应用程序安装在已root的设备中,并对移动端保存的所有数据进行加密。
We were not able to resolve the issue. The security team advised us to prevent the application from installing in a rooted device for now, and also have all the data saved in the mobile side encrypted.