Pavan Deolasee wrote:
--- 1179,1189 ----
                             dbname, user, password);

       /* We can immediately discard the password -- no longer needed */
!       if (password)
!       {
!           memset(password, '\0', strlen(password));
+       }

Any reason why we do this ? "password" is anyways freed.  I think you
might have left it behind after some debugging exercise.

I believe it's for security reasons. If that memory page is for example swapped to disk after freeing the field, the password would be written to the swapfile. Someone who steals your laptop would be able to recover it from there. Clearing passwords from memory when they're no longer needed is a good practice.

  Heikki Linnakangas

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

Reply via email to