On 2019-07-11 03:11, Michael Paquier wrote: > On Mon, Jun 24, 2019 at 02:08:50PM +0900, Michael Paquier wrote: >> CreateRole() and AlterRole() can manipulate a password in plain format >> in memory. The cleanup could be done just after calling >> encrypt_password() in user.c. >> >> Could it be possible to add the new flag in pg_config.h.win32? > > While remembering about it... Shouldn't the memset(0) now happening in > base64.c for the encoding and encoding routines when facing a failure > use explicit_zero()?
base64.c doesn't know what the data it is dealing with is used for. That should be the responsibility of the caller, no? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
