lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, Jun 02, 2005 at 11:41:25AM +0100, David Given wrote:
> (Incidentally, a well-written program shouldn't *know* any passwords. It 
> should keep one-way hashes instead. This means that no security hole can 
> cause the passwords to be revealed. But that's an entirely different 
> issue...)
... and then we have another issue in Lua like in
many other environments,
which is lack of control over traces in memory.

Once a password has been entered as a lua string,
the good news is there is only one copy of it,
and the bad news, we must not scramble it.