[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: David Huang <khym_at_azeotrope.org>
Date: Tue, 12 Apr 2011 13:19:51 -0500

On Apr 12, 2011, at 7:24 AM, John McNamee wrote:
> The problem is what happens if an attacker can examine the disk while the OS
> is offline. There have been too many examples of laptops being lost/stolen
> with sensitive data on them to dismiss this scenario.

If you're concerned about that scenario, you should encrypt your hard drive.

Or at the very least, your pagefile:

fsutil behavior set EncryptPagingFile 1

These sorts of issues should be handled at the OS-level or lower; not on a per-application basis.

-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym_at_azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 35 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719171
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 20:20:02 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.