[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: John McNamee <jpm_at_microwiz.com>
Date: Tue, 12 Apr 2011 07:24:01 -0500

Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> If you're system is configured so that users actually can open and
> read the paging file you don't need to worry about security issues
> anymore. Because you don't have any security at all and therefore
> can't have any issues with it. Can't have an issue with something that
> doesn't exist.

The issue is not what happens while the OS is running. Proper configuration
should prevent any information leaks, and improper configuration means you've
already lost.

The problem is what happens if an attacker can examine the disk while the OS
is offline. There have been too many examples of laptops being lost/stolen
with sensitive data on them to dismiss this scenario.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 15:11:05 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.