Le 22/08/2012 14:12, Tom Hacohen a écrit : > On 22/08/12 15:04, Carsten Haitzler (The Rasterman) wrote: >> On Wed, 22 Aug 2012 14:54:30 +0300 Tom Hacohen <tom.haco...@samsung.com> >> said: >> >>> On 22/08/12 14:51, Carsten Haitzler (The Rasterman) wrote: >>>> On Wed, 22 Aug 2012 14:46:50 +0300 Tom Hacohen <tom.haco...@samsung.com> >>>> said: >>>> >>>>> To be honest, I don't know how secure we can get there because of entry. >>>>> We only free (without explicitly erasing) the buffers used internally by >>>>> entry (elm+edje) and textblock, so there might be cleartext copies of >>>>> the pass in memory anyway... >>>> it doesnt use elm or edje entry or e entry.. its literally done by hand >>>> listening to keystrokes (whihc frankly if u can force coredumps u can >>>> divine >>>> the passwd thru keystroke memory history if u are lucky). :) >>> So not entry, but it uses text/textblock to show the text, doesn't it? >>> If so, the same logic applies. >> it only shows ***** >> >> so i guess u could find out how many chars the pw has.. that's it. evas only >> ever sees *** (and edje too). >> >> > Ah, you are right. I remembered it had issues with handling hebrew > passwords (it showed as many * as the bytes instead of the chars), but > it's because the count was wrong, not a malfunction in edje/textblock. > Now I remember. :) > > Ok, cool. > > -- > Tom. > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > enlightenment-devel mailing list > enlightenment-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >
https://www.securecoding.cert.org/confluence/display/seccode/MSC06-C.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data Mmhhh... ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel