Re: Password security question
| От | mlw |
|---|---|
| Тема | Re: Password security question |
| Дата | |
| Msg-id | 3DFF55AB.8010706@mohawksoft.com обсуждение исходный текст |
| Ответ на | Password security question ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>) |
| Ответы |
Re: Password security question
|
| Список | pgsql-hackers |
Christopher Kings-Lynne wrote: >Hi guys, > >Just a thought - do we explicitly wipe password strings from RAM after using >them? > >I just read an article (by MS in fact) that illustrates a cute problem. >Imagine you memset the password to zeros after using it. There is a good >chance that the compiler will simply remove the memset from the object code >as it will seem like it can be optimised away... > >Just wondering... > >Chris > > Could you post that link? That seems wrong, an explicit memset certainly changes the operation of the code, and thus should not be optimized away. > >
В списке pgsql-hackers по дате отправления: