Oops, I forgot to check back on this thread. But yes, just the info I was looking for.

On Wednesday, 1 May 2019 at 22:14:52 UTC, Cym13 wrote:

> There are very few relevant threat models where removing a password from RAM is an adequate solution.

Not an adequate solution... What else is usually needed? You can't mean hashing, because by definition one would not want to delete the password in the first place, if there weren't hashes made of it.

> I'd rather focus on mitigating that threat by keeping bounds checking on, writing @safe code etc.

I do. I was just curious if doing this trick brings any practical extra safety. (By what I understood from your reply, yes with operating systems or password managers but not generally with servers, unless trying to guard it from its maintainers.)

And I'm also going to try to follow Walter's safety tip number 1: never assuming the server won't crash. I'm going to make an automatic restarter process for it.
