Re: libcurl leaks information in freed memory
Date: Mon, 22 Oct 2018 08:13:45 +0200
On 10/19/18 11:49 AM, Erik Janssen wrote:
> That said, explicit wipe of the most sensitive parts, probably controlled by the application through options, would be low-cost, and reduces the chance of exporting them in core dumps, etc.
I think that this would be a good way to go.
I agree that wiping all allocated memory might have performance impacts
and that is generally overkill. Also because most applications will
still keep sensitive information in their own memory. However, for
applications that clear their own copy, an option would be nice for
libcurl clearing the memory, maybe by an explicit call in the suggested way:
> I do see a point in explicitly wiping previous url or credentials
> when the next one, or empty string, is specified.
That way there are no performance impacts for average programs, but
programs that care about sensitive data in a special way can explicitly
clear it from libcurl.
Sure, every effort we take cannot eliminate the possibility to obtain
information from the process, but we can shrink the time window and make
it harder; and I think we should give the user the possibility to do so.
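The behaviour proposed in the thread above (wipe the previous credential when a new one, or an empty string, is set) can be sketched as follows. This is an added example, not part of the original message and not libcurl code; `secret_slot`, `wipe` and `secret_set` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for one sensitive string (e.g. a password);
   not a libcurl type. */
struct secret_slot {
    char  *buf;   /* heap copy owned by the slot, or NULL */
    size_t cap;   /* bytes allocated for buf, including the NUL */
};

/* Zero memory through a volatile pointer so the compiler cannot drop
   the stores as dead writes ahead of free(). */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Replace the stored secret. The previous copy is wiped over its whole
   allocation before it is freed; NULL or "" only clears the slot.
   Returns the number of bytes wiped, or (size_t)-1 on allocation
   failure (the old value is then left in place). */
static size_t secret_set(struct secret_slot *s, const char *value)
{
    char *next = NULL;
    size_t next_cap = 0, wiped = 0;

    if (value && *value) {
        next_cap = strlen(value) + 1;
        next = malloc(next_cap);
        if (!next)
            return (size_t)-1;
        memcpy(next, value, next_cap);
    }
    if (s->buf) {
        wiped = s->cap;
        wipe(s->buf, s->cap);
        free(s->buf);
    }
    s->buf = next;
    s->cap = next_cap;
    return wiped;
}
```

An application that clears its own copy would call `secret_set(&slot, "")` once the credential is no longer needed, which shortens the window in which the value sits in freed heap memory or a core dump.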