Christopher Kings-Lynne wrote:
Hi guys,
Just a thought - do we explicitly wipe password strings from RAM after using
them?
I just read an article (by MS in fact) that illustrates a cute problem.
Imagine you memset the password to zeros after using it. There is a good
chance that the compiler will simply remove the memset from the object code
as it will seem like it can be optimised away...
Just wondering...
Chris
Could you post that link? That seems wrong, an explicit memset certainly
changes the operation of the code, and thus should not be optimized away.
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
