Wiping temporary files for security

I am working on an application that displays data from a database. Right now I am working on a set of modules that will generate an HTML page, including both text and images, display it in an web browser (built into the program but is actually MSIE), and gives the user the option to print it.

In the destructors of these classes I have instructions to delete the temporary files created, as they may contain official use only information.

Over the weekend I got to thinking that I should first overwrite the data with 0's (or any other bytes) and then delete them.

I've heard that some patterns of bytes a开发者_运维技巧re used in file wiping and that just a single pass may not be good enough, yet I can't think of any reason why. I've done some research and read up on wikipedia, and it seems that a single pass is going to work just as well.

Also, will adding the "no-cache" meta-tag in the HTML be sufficient to assure that MSIE doesn't copy the data to its own cache directory?

There are two programs that I know about that do it on Unix systems. You have to check out if they are available on Windows, either native or with Cygwin or something like that, or maybe you may find them useful to study how they do it.

1. srm available on Sourceforge
2. shred - part of the GNU coreutils

Both of them use the Gutmann method of writing a series of patterns over the data. See the Secure Deletion of Data from Magnetic and Solid-State Memory paper by Peter Gutmann for the explanation of the idea. See also the srm manpage the shred manpage for an introduction on how they work from the user's point of view.

Unless this is going into some system that requires overwriting with data (SOx, PCI DSS, HIPAA; I'm pretty sure these are only required for hard-drive decommissioning, not normal program compliance) this is overkill.

The National Institute of Standards and Technology recommended a single wipe using your choice of 0's or 1's. This is outlined in the document SP800-80. If you need to comply with a set of standards, they probably have a section relating to "media sanitation" or something similarly named.