Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: credentials in memory
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 30 Sep 2022 10:57:59 +0200 (CEST)
On Fri, 30 Sep 2022, David Woodhouse wrote:
> Don't forget to ensure that all *transitional* storage is securely wiped,
> including request buffers in which the password has been (decrypted and)
> sent.
The buffers we use for transport are all used temporary and are never kept
around for long until they are overwritten again.
I suppose that if an error occurs exactly when the block of data is meant to
get sent off and the buffer then contains the password (for FTP, or HTTP basic
or similar), it risks linger around for a longer time.
Date: Fri, 30 Sep 2022 10:57:59 +0200 (CEST)
On Fri, 30 Sep 2022, David Woodhouse wrote:
> Don't forget to ensure that all *transitional* storage is securely wiped,
> including request buffers in which the password has been (decrypted and)
> sent.
The buffers we use for transport are all used temporary and are never kept
around for long until they are overwritten again.
I suppose that if an error occurs exactly when the block of data is meant to
get sent off and the buffer then contains the password (for FTP, or HTTP basic
or similar), it risks linger around for a longer time.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-09-30