At 10:15 19/5/2006, you wrote:
Hello,
My feeling is that deleting that information when the program is
killed would only partially solve the problem , and would only
give a false feeling of security. For instance:
- since it's a long-running operation, it might be possible to
copy the sensitive information before the processing ends ?
(we are talking about some temporary files , right ? )
- someone might run the program inside a debugger, and stop the
execution of the program just before the privileged information
is deleted - giving that person enough time to inspect
all the secrets.
First, thank you for you considerations. I think that people that
would handle the application have no expertise to do the things you
suggest above. This is my hope. I'll put the sources in a (local)
ramdrive. This may difficult these actions. At least for access the
information thru the network.
Perhaps it would be better to keep that information in memory in some
kind of buffer ? that memory would be freed after the application is
killed ; (again - i'm assuming that you are currently storing the
information in some temporary files).
My Lazarus application will manage a list of programs to be converted
and will run a tool(once for each file of the list) that uses an
interpreter to execute sources that would "writed" in a ramdrive. I
have no way of establish a communications with the interpreter in the
way it takes the sources from a buffer of memory and not from a
"real" drive. If you know what I mean...
Cheers,
--
Adrian Maier
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
