From: Rainer Deyke (rdeyke_at_[hidden])
Date: 2022-05-13 19:37:36


On 13.05.22 17:23, Phil Endecott via Boost wrote:
> The aim should be "secure by default". Users are lazy. The
> particular danger in this case is that they do an initial test with
> the password in the source, and then move it somewhere secure later,
> but the password is still exposed in their revision control history.
> At this point in history, there is no excuse to repeat the mistakes
> that have led to really very serious security problems in the past.
> Make the default mechanism, and the first one that you describe in
> the docs, the most secure one.

Looking for credentials in a file on disk may be more secure than
embedding the credentials in code, but it is most definitely the most
secure mechanism. The most secure mechanism is to always ask the user
at program start-up. Or better yet, ask each time a connection is
created, and then immediately wipe the credentials from RAM in order to
mitigate RAM scanning attacks.

-- 
Rainer Deyke (rainerd_at_[hidden])
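
The prompt-per-connection-then-wipe approach described in the reply above, as an added C++ example; it is not code from the post or from any Boost library. `secure_wipe`, `ScopedSecret` and `connect_with_prompt` are hypothetical names, and the sketch assumes the caller supplies the input stream and a `connect` callback that does not keep its own copy of the secret.

```cpp
#include <cstddef>
#include <istream>
#include <sstream>   // std::istringstream, for callers feeding constructed input
#include <string>
#include <vector>

// Zero through a volatile pointer so the stores are not elided as dead writes
// (a plain memset just before the buffer is freed may be optimized away).
inline void secure_wipe(char* p, std::size_t n) {
    volatile char* vp = p;
    while (n--) *vp++ = 0;
}

// Fixed-capacity, non-copyable secret holder: it never reallocates, so growth
// leaves no stale copies; wiped on destruction even if connect() throws.
class ScopedSecret {
public:
    explicit ScopedSecret(std::size_t cap) : buf_(cap), len_(0) {}
    ScopedSecret(const ScopedSecret&) = delete;
    ScopedSecret& operator=(const ScopedSecret&) = delete;
    ~ScopedSecret() { wipe(); }
    // Read one line straight into the buffer; false on empty or over-long input.
    bool read_line(std::istream& in) {
        len_ = 0;
        for (char c; in.get(c) && c != '\n';) {
            if (len_ == buf_.size()) { wipe(); return false; }
            buf_[len_++] = c;
        }
        return len_ > 0;
    }
    void wipe() { secure_wipe(buf_.data(), buf_.size()); len_ = 0; }
    const char* data() const { return buf_.data(); }
    std::size_t size() const { return len_; }
private:
    std::vector<char> buf_;
    std::size_t len_;
};

// Hypothetical helper: ask, pass the secret to `connect`, wipe before returning.
template <class Connect>
bool connect_with_prompt(std::istream& in, Connect connect) {
    ScopedSecret pw(128);
    if (!pw.read_line(in)) return false;
    bool ok = connect(pw.data(), pw.size());
    pw.wipe();
    return ok;
}
```

The sketch does not disable terminal echo, and the input stream's own buffer may still hold the typed characters after the wipe.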

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk