> Am 30.09.2022 um 09:43 schrieb Daniel Stenberg via curl-library > <[email protected]>: > > Hi, > > Is it worth doing something about? > Well, if you like to prevent picking passwords easily from memory dumps while a transaction is running, e.g. longer download, you may just do a bit of xor for the long term storage. Like get a random 16 byte string at start and then xor values with it. This way you won't need a crypto library as a reference for a non SSL enabled curl. On the other side, when our applications passes a password to curl, it is still in some object property or even the textfield of the GUI. Best regards, Christian -- Read our blog about news on our plugins: http://www.mbsplugins.de/ -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
- credentials in memory Daniel Stenberg via curl-library
- Re: credentials in memory Stefan Eissing via curl-library
- Re: credentials in memory James Fuller via curl-library
- Re: credentials in memory Daniel Stenberg via curl-library
- Re: credentials in memory Stefan Eissing via curl-library
- Re: credentials in mem... Stefan Eissing via curl-library
- Re: credentials in mem... Ville Likitalo via curl-library
- Re: credentials in memory Zakrzewski, Jakub via curl-library
- Re: credentials in memory Christian Schmitz via curl-library
- Re: credentials in memory David Woodhouse via curl-library
- Re: credentials in memory Daniel Stenberg via curl-library
- Re: credentials in memory Howard Chu via curl-library
- Re: credentials in memory Dan Fandrich via curl-library
- Re: credentials in memory Howard Chu via curl-library
- Re: credentials in memory Daniel Stenberg via curl-library
