Re: Privacy

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Privacy
From: Klaus Ripke <paul-lua@...>
Date: Thu, 2 Jun 2005 12:41:47 +0200

On Thu, Jun 02, 2005 at 11:41:25AM +0100, David Given wrote:
> (Incidentally, a well-written program shouldn't *know* any passwords. It 
> should keep one-way hashes instead. This means that no security hole can 
> cause the passwords to be revealed. But that's an entirely different 
> issue...)
... and then we have another issue in Lua like in
many other environments,
which is lack of control over traces in memory.

Once a password has been entered as a lua string,
the good news is there is only one copy of it,
and the bad news, we must not scramble it.

References:
- Re: Re[2]: Privacy, David Given

Prev by Date: Re: Re[2]: Privacy
Next by Date: Re: PATCH: 51w6 inheritable liolib + posix.popen (was PATCH: Lua5.0.2 popen/pclose fix)
Previous by thread: Re: Re[2]: Privacy
Next by thread: luasocket: segfault with dns.toip and suggested fix
Index(es):
- Date
- Thread