@Philip:
During your talk at FOSDEM you showed some of the Tinymail code, eg the Account Store implementation on top of GConf.
Something in there took my attention: in per_account_forget_pass_func you memset the password to 0's, and free it. The day before I was working on a new IMAP server installation based on Dovecot, and while browsing the website I came across the Secure Coding techniques used by the author.
One of the parts I remembered:
When dealing with passwords and such, erase them from memory after you
don't need it anymore. Note that such memset() may be optimized away by
compiler, use safe_memset().
Where safe_memset is basicly a braindead simple re-implementation of memset. Might be interesting ;-)
It's useful to read the whole text anyway for everyone dealing with C code that needs a certain level of secure string handling.
Oh well, back to Dia.
Comments:
http://seclists.org/lists/bugtraq/2002/Nov/0048.html
Permalink
03/06/06 @ 08:50 http://www.google.com/345gfrw dshf95g rulez dshf95g rulez [URL=http://www.google.com/345gfrw]dshf95g[/URL] brin
[URL=http://www.google.com/349gfff]45hgfhg[/URL] be$t 45hgfhg brin http://www.google.com/349gfff 45hgfhg rulez
Permalink
04/21/06 @ 01:03 Permalink
04/21/06 @ 01:30 
XML Feeds