Data from closed secure drive displayed in newly-opened Notepad++
-
On Windows 10, I had some Notepad++ buffers open to files on an open secure drive, then I closed Notepad++, closed the secure drive, restarted Windows, opened Notepad++ again without first opening the secure drive, and those same buffers were present with the data from the secure drive files displayed in them, even though the secure drive that holds those files was closed.
Have not yet intentionally reproduced this behavior so it may be due to some hard-to-reproduce sequence of activities, but the point is that Notepad++ seems to have squirreled away the actual content of those files from the secure drive in some location that continued to be available after the secure drive from which they came had been closed.
I did have a lot of buffers open at the time, some of which were not saved to any file. It seems that by design Notepad++ saves the content of such unsaved buffers, so perhaps that behavior was inappropriately applied somehow to files that were no longer available in their original locations when Notepad++ was freshly opened.
Of course if this behavior is confirmed it could result in secure data being unintentionally exposed.
-
@Lou-Thomas said in Data from closed secure drive displayed in newly-opened Notepad++:
It seems that by design Notepad++ saves the content of such unsaved buffers, so perhaps that behavior was inappropriately applied somehow to files that were no longer available in their original locations when Notepad++ was freshly opened.
It’s not “inappropriately”. It’s working as designed. When you have the setting Settings > Preferences > Backup > ☑ Enable session snapshot and periodic backup, Notepad++ saves a copy of every edited-but-not-saved tab into the listed backup directory. It does not care whether there’s a file on the filesystem or not. If you exit when your “secure” file is edited but not saved, then (1) the copy on the “secure drive” will not be saved to the most recent state, so the real file will not be updated, and (2) the backup copy will be in Notepad++'s directory. When Notepad++ re-runs, it will see you had an unsaved document, and will open with the copy from the backup – it does not care whether that backup maps to a real file or not. (If it did, then the primary use for that feature – saving unnamed
new 1-style files that have never had a filesystem name applied yet – would not work.)If you don’t like that it’s storing the unsaved contents of documents in the backup drive, you can turn off the setting I indicated. (There’s no way to get a mix of the two behaviors; either all open tabs will have unsaved changes stored in backup when that option is on, or no open tabs will have unsaved changes stored in backup with that option is off.)
Of course if this behavior is confirmed it could result in secure data being unintentionally exposed.
If you deal with secure data, then onus is on you to understand how the applications you are using to handle that data deal with the data, and make sure your workflow with those applications does not violate your security protocols. Notepad++ cannot know and protect against every possible security protocol out there. Notepad++'s handling of backups and unsaved files is well documented, both here in our backup FAQ and in the npp-user-manual.org website that’s linked from Notepad++'s ?-menu Notepad++ Online User Manual (specifically, the Preferences > Backup section)
