[xml] libxml: cleanup up passwords

Hi everyone,

if a process that handles passwords crashes, I don't want
the password in the core dump in clear text. Thus in
applications that handle passwords I zero the buffer
that had a password before free()ing it, and I try to do
that as soon as possible.

Now I have to deal with xml documents containing passwords etc.
Is there a way to make sure the internal buffer of some nodes
contents or attributes content is zero'ed before I remove
the node or attribute from the document? Or the same thing
for the whole document?

basically my coded gets a string, parses it into dom, does
some stuff, dumps it into a string, and then wants to get
rid of the dom, and at least cleanup the buffers that contained
the passwords or similar stuff in a secure way. With some xml
libs I can access the internal buffers of nodes or attributes,
not sure if this is possible with libxml (or if it would be
a good idea to do it that way). can you give me some advice?

Thanks and best regards,

Andreas Jellinghaus

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]