Hi, On Wed, Aug 14, 2024 at 08:52:54AM +0200, Gert Doering wrote: > On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: > > Nonetheless, on Windows, we could easily add CryptProtectMemory() with > > SAME_PROCESS access for good measure, especially for those who cannot use > > "--auth-nocache". That will also add some protection to proxy passwords > > which are always cached for some reason. > > Would you be willing to send something?
Looking a bit closer, this is less straightforward than I thought (I was expecting something "protect this memory from prying eyes", but it's "crypt/decrypt this chunk of memory", which would need to be woven into whenever we want to access or update the user/password structures, including auth tokens)... Still doable, and possibly worth trying. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users