On Mon, Jun 24, 2019 at 02:08:50PM +0900, Michael Paquier wrote: > CreateRole() and AlterRole() can manipulate a password in plain format > in memory. The cleanup could be done just after calling > encrypt_password() in user.c. > > Could it be possible to add the new flag in pg_config.h.win32?
While remembering about it... Shouldn't the memset(0) now happening in base64.c for the encoding and encoding routines when facing a failure use explicit_zero()? -- Michael
signature.asc
Description: PGP signature
