From: | Greg Copeland <greg(at)CopelandConsulting(dot)Net> |
---|---|
To: | mlw <pgsql(at)mohawksoft(dot)com> |
Cc: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Password security question |
Date: | 2002-12-17 17:00:19 |
Message-ID: | 1040144418.16087.152.camel@mouse.copelandconsulting.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
On Tue, 2002-12-17 at 10:49, mlw wrote:
> Christopher Kings-Lynne wrote:
>
> >Hi guys,
> >
> >Just a thought - do we explicitly wipe password strings from RAM after using
> >them?
> >
> >I just read an article (by MS in fact) that illustrates a cute problem.
> >Imagine you memset the password to zeros after using it. There is a good
> >chance that the compiler will simply remove the memset from the object code
> >as it will seem like it can be optimised away...
> >
> >Just wondering...
> >
> >Chris
> >
> >
> Could you post that link? That seems wrong, an explicit memset certainly
> changes the operation of the code, and thus should not be optimized away.
>
> >
> >
>
I'd like to see the link too.
I can imagine that it would be possible for it to optimize it away if
there wasn't an additional read/write access which followed. In other
words, why do what is more or less a no-op if it's never accessed again.
--
Greg Copeland <greg(at)copelandconsulting(dot)net>
Copeland Computer Consulting
From | Date | Subject | |
---|---|---|---|
Next Message | Ken Hirsch | 2002-12-17 17:11:21 | Re: Password security question |
Previous Message | mlw | 2002-12-17 16:49:47 | Re: Password security question |
From | Date | Subject | |
---|---|---|---|
Next Message | Ken Hirsch | 2002-12-17 17:11:21 | Re: Password security question |
Previous Message | mlw | 2002-12-17 16:49:47 | Re: Password security question |