Re: Credentials held unencrypted in memory during runtime

From: Dale McCoy <dalestan_at_gmail.com>
Date: Mon, 11 Apr 2011 19:56:04 -0400

On Mon, Apr 11, 2011 at 17:55, Simon Large <simon.tortoisesvn_at_gmail.com> wrote:
> I think the issue is simply that when the program (TProc) exits, that
> physical memory is freed and can then be allocated to another process.
> If it contains sensitive information then the second process, which
> may be completely unrelated, can see it.

Again: If the second process is trustworthy, it won't do anything
untoward with that information. It won't even know it has access to
that information.
If the second process is not trustworthy, still won't do anything
untoward with that information, because it's so much more productive
to grab saved cookies from disk and/or browser memory, install a
keylogger, and join a half-dozen botnets.

Dale McCoy

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2718983

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 01:56:10 CEST

This message: [ Message body ]
Next message: Craig McQueen: "SubWCRev and ternary keywords and $WCRANGE$ colon"
Previous message: Simon Large: "Re: Re: svn update fails quietly"
In reply to: Simon Large: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Dale McCoy: "Re: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]