curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: credentials in memory

From: Christian Schmitz via curl-library <>
Date: Fri, 30 Sep 2022 10:25:08 +0200

> Am 30.09.2022 um 09:43 schrieb Daniel Stenberg via curl-library <>:
> Hi,
> Is it worth doing something about?

Well, if you like to prevent picking passwords easily from memory dumps while a transaction is running, e.g. longer download, you may just do a bit of xor for the long term storage.

Like get a random 16 byte string at start and then xor values with it.
This way you won't need a crypto library as a reference for a non SSL enabled curl.

On the other side, when our applications passes a password to curl, it is still in some object property or even the textfield of the GUI.

Best regards,

Read our blog about news on our plugins:
Received on 2022-09-30