influxdb-client-csharp I used System Informer to check the HTTPS commands sent by influxdb-client-csharp and found that the Token, which is sensitive information, was not promptly cleared from memory.

I used System Informer to check the HTTPS commands sent by influxdb-client-csharp and found that the Token, which is sensitive information, was not promptly cleared from memory.

Open Shirley-Ji-59 opened this issue 8 months ago • 1 comments

Steps to reproduce: List the minimal actions needed to reproduce the behavior.

Use GetOrganizationApi.FindOrganizationsAsync() to get organization list.
Use System Informer to get the application memory and found that we can read the Token information in the memory

Expected behavior: the token sensitive information in memory is not visible.

Actual behavior: the token sensitive information in memory is visible.

Specifications:

Jun 20 '24 08:06 Shirley-Ji-59