Hi, On Wed, Aug 14, 2024 at 08:52:54AM +0200, Gert Doering wrote: > On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: > > Nonetheless, on Windows, we could easily add CryptProtectMemory() with > > SAME_PROCESS access for good measure, especially for those who cannot use > > "--auth-nocache". That will also add some protection to proxy passwords > > which are always cached for some reason. > > Would you be willing to send something?
Looking a bit closer, this is less straightforward than I thought
(I was expecting something "protect this memory from prying eyes",
but it's "crypt/decrypt this chunk of memory", which would need to
be woven into whenever we want to access or update the user/password
structures, including auth tokens)...
Still doable, and possibly worth trying.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
