Re: Password security question
| От | mlw |
|---|---|
| Тема | Re: Password security question |
| Дата | |
| Msg-id | 3DFF6D3D.4010606@mohawksoft.com обсуждение исходный текст |
| Ответ на | Password security question ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>) |
| Список | pgsql-hackers |
Greg Copeland wrote: >On Tue, 2002-12-17 at 10:49, mlw wrote: > > >>Christopher Kings-Lynne wrote: >> >> >> >>>Hi guys, >>> >>>Just a thought - do we explicitly wipe password strings from RAM after using >>>them? >>> >>>I just read an article (by MS in fact) that illustrates a cute problem. >>>Imagine you memset the password to zeros after using it. There is a good >>>chance that the compiler will simply remove the memset from the object code >>>as it will seem like it can be optimised away... >>> >>>Just wondering... >>> >>>Chris >>> >>> >>> >>> >>Could you post that link? That seems wrong, an explicit memset certainly >>changes the operation of the code, and thus should not be optimized away. >> >> >> >>> >>> >>> >>> > >I'd like to see the link too. > >I can imagine that it would be possible for it to optimize it away if >there wasn't an additional read/write access which followed. In other >words, why do what is more or less a no-op if it's never accessed again. > > It has been my experience that the MSC optimizer uses a patented Heisenberg optimizer. :) > > >
В списке pgsql-hackers по дате отправления: