Re: static gchar security



It would be *very* insecure.  Any root-level program could pick up that
password very easily just by examining /dev/kmem.  Why would you want to
store that password for the life of a program anyway?  It's standard
procedure for programs that accept passwords to forget them immediately
after receiving them and doing the authentication.

--Jason

On Tue, 2002-11-05 at 00:41, Jacob Perkins wrote:
> How (in)secure would it be to have a static gchar that would save a
> plaintext password?  The gchar would start off null, but could later
> contain a password, and is static for the life of the app.  Is there a
> better way to do this?
-- 
Jason A. Pfeil                        pfeil 10East com
Senior Open Systems Engineer          http://www.10East.com
10East, Inc.                          (904)220-DOCS

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]