Re: Credentials held unencrypted in memory during runtime
From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 12 Apr 2011 16:53:51 +0200
On Tue, Apr 12, 2011 at 15:25, Feldhacker, Chris
Good.
>
Did I say that using best practices is wrong? Did I say that with even
I said that this is not a security issue. And I stand by that.
Ok, back to your links. By now you should have read what you wanted me
MEM06-CPP. Ensure that sensitive data is not written out to disk
MEM03-CPP. Clear sensitive information stored in returned reusable resources
> (BTW, "pervasive memory scraping" is the term being used these days -- apparently the SANS Institute identified this as the top threat for this year. A good Google search will turn up lots of references, and one counter-measure in a defense-in-depth strategy is to ensure in-memory sensitive data is handled appropriately...)
Ok. Now go and please read at lest *some* of those papers.
Stefan
-- ___ oo // \\ "De Chelonian Mobile" (_,\/ \_/ \ TortoiseSVN \ \_/_\_/> The coolest Interface to (Sub)Version Control /_/ \_\ http://tortoisesvn.net ------------------------------------------------------ http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719117 To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].Received on 2011-04-12 16:54:18 CEST |
This is an archived mail posted to the TortoiseSVN Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.