Hi, I don't know whether this is a known issue or not, so I ask here before reporting this issue.
When using librucrl, I want to have basic http authentication (I use CURLOPT_USERNAME and CURLOPT_PASSWORD for that). However, if I create a dump of my process, I can see the password as plain text at process memory dump file. I'm sure it comes from libcurl, as I clean my password buffer, right after passing it to libcurl. As part of "defence in depth" strategy, I want to protect my process from core dump attacks. My question is: 1. Is this a known issue of libcurl? 2. Should I open/report a bug for this? Thanks. Eliyahu
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
