| From: | mlw <pgsql(at)mohawksoft(dot)com> |
|---|---|
| To: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Password security question |
| Date: | 2002-12-17 16:49:47 |
| Message-ID: | 3DFF55AB.8010706@mohawksoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Christopher Kings-Lynne wrote:
>Hi guys,
>
>Just a thought - do we explicitly wipe password strings from RAM after using
>them?
>
>I just read an article (by MS in fact) that illustrates a cute problem.
>Imagine you memset the password to zeros after using it. There is a good
>chance that the compiler will simply remove the memset from the object code
>as it will seem like it can be optimised away...
>
>Just wondering...
>
>Chris
>
>
Could you post that link? That seems wrong, an explicit memset certainly
changes the operation of the code, and thus should not be optimized away.
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Copeland | 2002-12-17 17:00:19 | Re: Password security question |
| Previous Message | Tom Lane | 2002-12-17 15:51:59 | pgsql-server/src/backend/executor spi.c |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Copeland | 2002-12-17 17:00:19 | Re: Password security question |
| Previous Message | mlw | 2002-12-17 13:02:34 | Re: Suggestion; "WITH VACUUM" option |