On Sun, Jun 23, 2019 at 09:57:18PM +0200, Peter Eisentraut wrote:
> On 2019-06-23 21:55, Peter Eisentraut wrote:
>> On 2019-06-21 15:25, Tom Lane wrote:
>>> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
>>>> +#ifndef HAVE_EXPLICIT_BZERO
>>>> +#define explicit_bzero(b, len) bzero(b, len)
>>>> +#endif
>>>
>>> This presumes that every platform has bzero, which is unsafe (POSIX
>>> doesn't specify it) and is an assumption we kicked to the curb a dozen
>>> years ago (067a5cdb3). Please use memset() for the substitute instead.
+1.
>> OK, done.
>
> and with patch attached
CreateRole() and AlterRole() can manipulate a password in plain format
in memory. The cleanup could be done just after calling
encrypt_password() in user.c.
Could it be possible to add the new flag in pg_config.h.win32?
--
Michael