Home > mailing lists

Re: Password security question - Mailing list pgsql-hackers

From	mlw
Subject	Re: Password security question
Date	December 17, 2002 14:46:32
Msg-id	3DFF55AB.8010706@mohawksoft.com Whole thread Raw
In response to	Password security question ("Christopher Kings-Lynne" <chriskl@familyhealth.com.au>)
Responses	Re: Password security question
List	pgsql-hackers

Tree view


Christopher Kings-Lynne wrote:

>Hi guys,
>
>Just a thought - do we explicitly wipe password strings from RAM after using
>them?
>
>I just read an article (by MS in fact) that illustrates a cute problem.
>Imagine you memset the password to zeros after using it.  There is a good
>chance that the compiler will simply remove the memset from the object code
>as it will seem like it can be optimised away...
>
>Just wondering...
>
>Chris
>  
>
Could you post that link? That seems wrong, an explicit memset certainly 
changes the operation of the code, and thus should not be optimized away.

>  
>

pgsql-hackers by date:

From: mlw
Date: 17 December 2002, 10:59:30
Subject: Re: Suggestion; "WITH VACUUM" option

From: Greg Copeland
Date: 17 December 2002, 15:03:12
Subject: Re: Password security question

Re: Password security question - Mailing list pgsql-hackers

Previous

Next