Skip site navigation (1) Skip section navigation (2)

Re: Password security question

From: mlw <pgsql(at)mohawksoft(dot)com>
To: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
Cc: Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Password security question
Date: 2002-12-17 16:49:47
Message-ID: 3DFF55AB.8010706@mohawksoft.com (view raw or flat)
Thread:
Lists: pgsql-committerspgsql-hackers

Christopher Kings-Lynne wrote:

>Hi guys,
>
>Just a thought - do we explicitly wipe password strings from RAM after using
>them?
>
>I just read an article (by MS in fact) that illustrates a cute problem.
>Imagine you memset the password to zeros after using it.  There is a good
>chance that the compiler will simply remove the memset from the object code
>as it will seem like it can be optimised away...
>
>Just wondering...
>
>Chris
>  
>
Could you post that link? That seems wrong, an explicit memset certainly 
changes the operation of the code, and thus should not be optimized away.

>  
>



In response to

Responses

pgsql-hackers by date

Next:From: Greg CopelandDate: 2002-12-17 17:00:19
Subject: Re: Password security question
Previous:From: mlwDate: 2002-12-17 13:02:34
Subject: Re: Suggestion; "WITH VACUUM" option

pgsql-committers by date

Next:From: Greg CopelandDate: 2002-12-17 17:00:19
Subject: Re: Password security question
Previous:From: Tom LaneDate: 2002-12-17 15:51:59
Subject: pgsql-server/src/backend/executor spi.c

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group