Quick Links

Password security question

From:	"Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>
To:	"Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject:	Password security question
Date:	2002-12-17 02:07:55
Message-ID:	GNELIHDDFBOCMGBFGEFOMEKFCEAA.chriskl@familyhealth.com.au
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers pgsql-hackers

Hi guys,

Just a thought - do we explicitly wipe password strings from RAM after using
them?

I just read an article (by MS in fact) that illustrates a cute problem.
Imagine you memset the password to zeros after using it. There is a good
chance that the compiler will simply remove the memset from the object code
as it will seem like it can be optimised away...

Just wondering...

Chris

In response to

pgsql-server/src backend/nodes/nodes.c backend ... at 2002-12-16 16:22:46 from Tom Lane

Responses

Re: Password security question at 2002-12-17 02:17:49 from Gavin Sherry
Re: Password security question at 2002-12-17 16:49:47 from mlw

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Gavin Sherry	2002-12-17 02:17:49	Re: Password security question
Previous Message	Tom Lane	2002-12-17 01:18:38	pgsql-server/src/backend nodes/list.c optimize ...

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Gavin Sherry	2002-12-17 02:17:49	Re: Password security question
Previous Message	Tom Lane	2002-12-17 01:16:27	Re: Suggestion; "WITH VACUUM" option