Java Security

Confidential Information

It is shocking how easily sensitive information can be exposed, as you are probably aware. Sensitive information is not limited to personally identifiable information such as identification numbers, home addresses, email addresses and phone numbers. It can also include system information such as the configuration and internals of the system, which could leak, for example, through the stack trace of an exception.
Guideline 2-2

Several Guidelines for Sensitive Information

Guideline 1:

Purge sensitive information from exceptions. Important Points:
  1. Do not allow exceptions to expose file paths or file system information. A path could contain the current user's name or home directory, for example.
  2. Do not pass exception information to end users unless you know exactly what it contains and it has been sanitized. Otherwise, catch the exception, sanitize the information, and throw your own exception.
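The following is an added example (not code from the original page) showing the two halves of this guideline side by side: a method that lets a raw `IOException` escape, so its message (the full filesystem path, which on Java's `NoSuchFileException` is the path itself) reaches the caller, and a method that catches it, records the detail in the server log under a correlation id, and throws a sanitized exception of its own. The class and method names, the `DocumentUnavailableException` type and the `docs` directory are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SanitizedExceptions {
    private static final Logger LOG = Logger.getLogger(SanitizedExceptions.class.getName());

    /**
     * Exception that is safe to show to an end user: it carries no path, no cause
     * and no library message, only a correlation id that support staff can look up.
     */
    public static final class DocumentUnavailableException extends Exception {
        private final String correlationId;

        public DocumentUnavailableException(String correlationId) {
            super("The requested document is unavailable (reference " + correlationId + ")");
            this.correlationId = correlationId;
        }

        public String getCorrelationId() {
            return correlationId;
        }
    }

    // Before: the raw IOException propagates. Its message contains the resolved
    // path, which here includes the user's home directory (guideline point 1).
    public static byte[] readDocumentLeaky(Path baseDir, String name) throws IOException {
        return Files.readAllBytes(baseDir.resolve(name));
    }

    // After: catch, log the detail server-side, throw a sanitized exception (point 2).
    public static byte[] readDocumentSanitized(Path baseDir, String name)
            throws DocumentUnavailableException {
        Path target = baseDir.resolve(name);
        try {
            return Files.readAllBytes(target);
        } catch (IOException e) {
            String id = UUID.randomUUID().toString();
            // The full detail (path and original exception) goes only to the server log,
            // keyed by the correlation id so it can be matched to the user's report.
            LOG.log(Level.WARNING, "Document read failed, ref=" + id + ", path=" + target, e);
            // Deliberately NOT chaining 'e' as the cause: a chained cause would let the
            // path resurface through getCause() or printStackTrace() at a higher layer.
            throw new DocumentUnavailableException(id);
        }
    }

    public static void main(String[] args) {
        // Constructed input: a base directory under the user's home, and a file that does not exist.
        Path base = Paths.get(System.getProperty("user.home"), "docs");
        try {
            readDocumentLeaky(base, "missing.txt");
        } catch (IOException e) {
            // Message contains the full path, e.g. "/home/alice/docs/missing.txt"
            System.out.println("Leaky message shown to user:     " + e.getMessage());
        }
        try {
            readDocumentSanitized(base, "missing.txt");
        } catch (DocumentUnavailableException e) {
            // Message contains only the generic text and the correlation id
            System.out.println("Sanitized message shown to user: " + e.getMessage());
        }
    }
}
```

Run it with `java SanitizedExceptions.java` (Java 11 or later). The design choice worth noting is the missing `cause` argument in the sanitized `throw`: wrapping the original exception is the usual reflex, but any layer above that calls `printStackTrace()` or renders `getCause()` would then print the path anyway. The original exception is preserved in the log line instead, where the correlation id ties it back to the user-facing message.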

Guideline 2:

Do not log highly sensitive information. Some information should never be logged:
  1. Data such as a) passwords and b) sensitive IDs, like a Social Security number or passport ID.
  2. Do not pass this information to lower-level libraries, which might log it, unless you know exactly what they do with it.

Guideline 3:

Consider purging highly sensitive information from memory after use.
Important Points: You want to narrow the window during which highly sensitive information may appear in core dumps, in debugging sessions and in confidentiality attacks.
  a. It may be appropriate to zero the memory containing the data immediately after use, rather than waiting for the garbage collector.
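Guidelines 2 and 3 are served by one added example (not code from the original page): a small `Secret` holder that keeps a password in a `char[]` so it can be zeroed with `Arrays.fill`, redacts itself in `toString()` so that a logging statement or a chatty lower-level library cannot print it by accident, and zeroes its buffer in `close()` so a try-with-resources block clears it deterministically, including on the exception path. The `Secret` class, the `chattyLibraryConnect` stand-in for a library you do not control, and the `authenticate` method are assumptions made for the example. A `String` is used nowhere for the password: `String` objects are immutable and cannot be overwritten, so a password held as a `String` stays in the heap until the garbage collector eventually reclaims it, which is exactly the window guideline 3 wants to narrow.

```java
import java.util.Arrays;
import java.util.logging.Logger;

public class SecretHandling {
    private static final Logger LOG = Logger.getLogger(SecretHandling.class.getName());

    /**
     * Holds a secret in a mutable char[] (never a String) so it can be zeroed,
     * and redacts itself in toString() so it never reaches a log line in clear.
     */
    public static final class Secret implements AutoCloseable {
        private final char[] value;
        private boolean cleared;

        public Secret(char[] value) {
            this.value = value.clone(); // own our copy; the caller clears theirs
        }

        /** The live secret; only valid until close(). */
        public char[] value() {
            if (cleared) {
                throw new IllegalStateException("secret already cleared");
            }
            return value;
        }

        public boolean isCleared() {
            return cleared;
        }

        /** Guideline 2: whatever logs this object sees only a placeholder. */
        @Override
        public String toString() {
            return "Secret[REDACTED]";
        }

        /** Guideline 3: zero the buffer now instead of waiting for garbage collection. */
        @Override
        public void close() {
            Arrays.fill(value, '\0');
            cleared = true;
        }
    }

    // Stand-in for a lower-level library you do not control that logs its arguments.
    // If a raw String or char[] were passed here, the password would land in the log.
    static void chattyLibraryConnect(String user, Object credential) {
        LOG.info("connect user=" + user + " credential=" + credential);
    }

    /** Returns true when the (stand-in) credential check passes; the password is zeroed on every path. */
    public static boolean authenticate(String user, char[] passwordFromInput) {
        try (Secret pw = new Secret(passwordFromInput)) {
            // Clear the caller's buffer as soon as we hold our own copy.
            Arrays.fill(passwordFromInput, '\0');
            chattyLibraryConnect(user, pw); // logs "credential=Secret[REDACTED]"
            // Stand-in for the real credential check (e.g. comparing against a stored hash).
            return pw.value().length >= 8;
        } // close() zeroes pw's buffer here, whether or not an exception was thrown
    }

    public static void main(String[] args) {
        // Constructed input: a password typed by a user, read into a char[] as e.g. Console.readPassword() does.
        char[] typed = "correct horse battery".toCharArray();
        boolean ok = authenticate("alice", typed);
        System.out.println("authenticated: " + ok);
        // The caller's buffer has been zeroed by authenticate(); nothing of the password remains.
        System.out.println("input buffer after use: " + Arrays.toString(typed));
    }
}
```

Run it with `java SecretHandling.java`; the log line from `chattyLibraryConnect` shows `credential=Secret[REDACTED]`, and the final line prints a buffer of null characters. Zeroing in `close()` rather than at the end of the happy path matters because an exception thrown by the credential check would otherwise skip the cleanup and leave the password resident, which is the situation a later core dump or debugger session would expose.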