On 5/19/06, Arí Ricardo Ody <[EMAIL PROTECTED]> wrote:
Suppose computer is doing a long processing.
Then, someone that can copies some information
that is available only during this processing,
tries to interrupt the processing. I want to
detect this and delete the privileged
information(that otherwise would be encripted ->
sources of a interpreted language).
Hello,
My feeling is that deleting that information when the program is
killed would only partially solve the problem , and would only
give a false feeling of security. For instance:
- since it's a long-running operation, it might be possible to
copy the sensitive information before the processing ends ?
(we are talking about some temporary files , right ? )
- someone might run the program inside a debugger, and stop the
execution of the program just before the privileged information
is deleted - giving that person enough time to inspect
all the secrets.
Perhaps it would be better to keep that information in memory in some
kind of buffer ? that memory would be freed after the application is
killed ; (again - i'm assuming that you are currently storing the
information in some temporary files).
Cheers,
--
Adrian Maier
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
