Password security question

From: "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>
To: "Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Password security question
Date: 2002-12-17 02:07:55
Message-ID: GNELIHDDFBOCMGBFGEFOMEKFCEAA.chriskl@familyhealth.com.au
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

Hi guys,

Just a thought - do we explicitly wipe password strings from RAM after using
them?

I just read an article (by MS in fact) that illustrates a cute problem.
Imagine you memset the password to zeros after using it. There is a good
chance that the compiler will simply remove the memset from the object code
as it will seem like it can be optimised away...

Just wondering...

Chris

In response to

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Gavin Sherry 2002-12-17 02:17:49 Re: Password security question
Previous Message Tom Lane 2002-12-17 01:18:38 pgsql-server/src/backend nodes/list.c optimize ...

Browse pgsql-hackers by date

  From Date Subject
Next Message Gavin Sherry 2002-12-17 02:17:49 Re: Password security question
Previous Message Tom Lane 2002-12-17 01:16:27 Re: Suggestion; "WITH VACUUM" option