
From: Artyom Beilis (artyom.beilis_at_[hidden])
Date: 2024-07-09 12:57:23


While this can be a useful class, it is useful mostly in the context of
cryptography.
So I rarely can see a case when you use it independently of a crypto
library.

Additionally, passwords are almost never stored as clear text, so the only
location I can see a password being handled is in the forms you receive, and
usually the UI toolkits themselves handle it as a string - so you don't solve
it there unless you rewrite the 3rd party toolkits to use a "safe" string.

So while it may be useful in certain contexts it is something that
needs much wider infrastructure support.

My $0.02
Artyom

On Tue, Jul 9, 2024 at 3:28 PM Ruben Perez via Boost <boost_at_[hidden]>
wrote:

> Hi all,
>
> Boost.MySQL and Boost.Redis need to hold sensitive information, like
> passwords, to work. Using std::string may be sufficient for many use
> cases, but it's not the best security practice. std::string doesn't
> wipe its memory on cleanup, resulting in the password remaining in
> memory for an indeterminate amount of time.
>
>
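
The behaviour discussed in this thread, as an added example that is not part of either message and is not Boost code: a string whose allocator zeroes its buffer on deallocation, compared with one that does not. The names `g_arena`, `arena_alloc`, `secure_wipe` and `secret_survives` are hypothetical, and the fixed arena stands in for the heap so the leftover bytes can be inspected without reading freed memory.

```cpp
#include <cstring>
#include <new>
#include <string>

// Fixed arena standing in for the heap, so the check below can inspect memory
// after the string is destroyed (constructed setup, char allocations only).
static unsigned char g_arena[4096];
static std::size_t g_used = 0;

// Volatile stores keep the compiler from eliding the wipe as a dead store.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// Bump allocator over g_arena; Wipe selects zero-on-deallocate behaviour.
template <class T, bool Wipe>
struct arena_alloc {
    using value_type = T;
    template <class U> struct rebind { using other = arena_alloc<U, Wipe>; };
    arena_alloc() = default;
    template <class U> arena_alloc(const arena_alloc<U, Wipe>&) {}
    T* allocate(std::size_t n) {
        if (g_used + n * sizeof(T) > sizeof(g_arena)) throw std::bad_alloc();
        T* p = reinterpret_cast<T*>(g_arena + g_used);
        g_used += n * sizeof(T);
        return p;
    }
    void deallocate(T* p, std::size_t n) {
        if (Wipe) secure_wipe(p, n * sizeof(T));  // the plain variant frees without wiping
    }
    template <class U> bool operator==(const arena_alloc<U, Wipe>&) const { return true; }
    template <class U> bool operator!=(const arena_alloc<U, Wipe>&) const { return false; }
};

// Returns true if the secret's bytes are still in the arena after the string is gone.
template <bool Wipe>
bool secret_survives(const char* secret) {
    std::memset(g_arena, 0, sizeof(g_arena));
    g_used = 0;
    {
        std::basic_string<char, std::char_traits<char>, arena_alloc<char, Wipe>> pw;
        pw.reserve(64);      // force allocator-backed storage before the secret is copied in
        pw.assign(secret);   // fits in the reserved buffer, so no second allocation
    }                        // destructor runs here and calls deallocate()
    const std::size_t len = std::strlen(secret);
    for (std::size_t i = 0; i + len <= sizeof(g_arena); ++i)
        if (std::memcmp(g_arena + i, secret, len) == 0) return true;
    return false;
}
```

A secret short enough for the small-string buffer is stored inside the string object itself and never reaches the allocator, so an allocator-level wipe does not cover it.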

