[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Dale McCoy <dalestan_at_gmail.com>
Date: Mon, 11 Apr 2011 19:56:04 -0400

On Mon, Apr 11, 2011 at 17:55, Simon Large <simon.tortoisesvn_at_gmail.com> wrote:
> I think the issue is simply that when the program (TProc) exits, that
> physical memory is freed and can then be allocated to another process.
> If it contains sensitive information then the second process, which
> may be completely unrelated, can see it.

Again: If the second process is trustworthy, it won't do anything
untoward with that information. It won't even know it has access to
that information.
If the second process is not trustworthy, still won't do anything
untoward with that information, because it's so much more productive
to grab saved cookies from disk and/or browser memory, install a
keylogger, and join a half-dozen botnets.

Dale McCoy

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2718983

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 01:56:10 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.