On Fri, 30 Sep 2022, David Woodhouse wrote:
Don't forget to ensure that all *transitional* storage is securely wiped, including request buffers in which the password has been (decrypted and) sent.
The buffers we use for transport are all used temporary and are never kept around for long until they are overwritten again.
I suppose that if an error occurs exactly when the block of data is meant to get sent off and the buffer then contains the password (for FTP, or HTTP basic or similar), it risks linger around for a longer time.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
