Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: How to stop bearer tokens leaking
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Patrick Monnerat via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 6 Nov 2021 02:03:36 +0100
On 11/5/21 16:40, Stephen Booth via curl-library wrote:
>
> I missed the --oauth-bearer option because I checked the flags on an
> old box with an old curl version :-)
Your version is more than 8 years old ! :-( You better upgrade, as a lot
of other more serious security problems have been fixed since then.
Please note also that argument obfuscation does not reduce the leakage
risk to 0: there's still a tiny time between the program start and the
info erasure, and it even does not work for some OSes.
Date: Sat, 6 Nov 2021 02:03:36 +0100
On 11/5/21 16:40, Stephen Booth via curl-library wrote:
>
> I missed the --oauth-bearer option because I checked the flags on an
> old box with an old curl version :-)
Your version is more than 8 years old ! :-( You better upgrade, as a lot
of other more serious security problems have been fixed since then.
Please note also that argument obfuscation does not reduce the leakage
risk to 0: there's still a tiny time between the program start and the
info erasure, and it even does not work for some OSes.
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-11-06