[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Privacy
- From: Klaus Ripke <paul-lua@...>
- Date: Thu, 2 Jun 2005 12:41:47 +0200
On Thu, Jun 02, 2005 at 11:41:25AM +0100, David Given wrote:
> (Incidentally, a well-written program shouldn't *know* any passwords. It
> should keep one-way hashes instead. This means that no security hole can
> cause the passwords to be revealed. But that's an entirely different
... and then we have another issue in Lua like in
many other environments,
which is lack of control over traces in memory.
Once a password has been entered as a lua string,
the good news is there is only one copy of it,
and the bad news, we must not scramble it.