
On Thu, 10 Mar 2011 09:15:28 -0800 Scott McMurray <me22.ca+boost@gmail.com> wrote:

> > > Just a thought: Maybe the Allocator should handle this, since it's related to memory management?
> >
> > I've been debating that since I read your message last night, and I don't have an answer. It would make sense, but it would also make it more difficult for someone who just wants to clear the memory when it's released. I can see uses where that would be sufficient.
>
> Can you elaborate on why someone would want to clear the memory, but not want to actually be secure?

Airtight security is a hard problem that requires massive amounts of time and attention to get right, and is best reserved for programs that absolutely require it.

Barring extremely sensitive information like government-level secrets, there are generally only two things that a developer needs to worry about: that sensitive data might be written to disk by the OS, and that it might be retrieved from memory, either by malware while the machine is running or by physical means immediately after removing power.

Depending on the OS involved, setting a piece of memory to never be paged to disk could be easy or impossible. But other than a very small window of opportunity, clearing memory prevents retrieving data from it regardless of the means, and makes it much less likely that such data would get written to disk. If the system has a sufficiently large amount of memory, the person using it could even disable the swapfile completely, in which case clearing memory would provide all the security he's likely to need.

-- 
Chad Nelson
Oak Circle Software, Inc.
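An added example, not code from this thread or from Boost, of the allocator-based approach the thread debates: the block is zeroed on release through a volatile pointer (so the compiler cannot discard the clear as a dead store) and, where mlock() exists, a best-effort attempt keeps it out of swap. HAVE_MLOCK, secure_wipe, secure_allocator and secure_bytes are names chosen here.

```cpp
// Added example (not from this thread or Boost): an STL allocator that wipes
// blocks on release and, where mlock() exists, tries to keep them out of swap.
#include <cstddef>
#include <new>
#include <vector>
#if defined(__unix__) || defined(__APPLE__)
#include <sys/mman.h>
#define HAVE_MLOCK 1
#endif

// Zero a block through a volatile pointer so the optimizer cannot discard the
// stores as dead (a plain memset() right before free() often is discarded).
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}

template <class T>
struct secure_allocator {
    typedef T value_type;
    secure_allocator() {}
    template <class U> secure_allocator(const secure_allocator<U>&) {}
    T* allocate(std::size_t n) {
        if (n > static_cast<std::size_t>(-1) / sizeof(T)) throw std::bad_alloc();
        T* p = static_cast<T*>(::operator new(n * sizeof(T)));
#ifdef HAVE_MLOCK
        (void)mlock(p, n * sizeof(T));  // may fail (limits, privileges); wipe still happens
#endif
        return p;
    }
    void deallocate(T* p, std::size_t n) {
        secure_wipe(p, n * sizeof(T));  // clear before the block can be reused
#ifdef HAVE_MLOCK
        (void)munlock(p, n * sizeof(T));
#endif
        ::operator delete(p);
    }
    template <class U> bool operator==(const secure_allocator<U>&) const { return true; }
    template <class U> bool operator!=(const secure_allocator<U>&) const { return false; }
};
// Buffer type a key or passphrase would live in; wiped when it goes away.
typedef std::vector<unsigned char, secure_allocator<unsigned char> > secure_bytes;

// Returns true when wiping a block filled with 0xAB leaves every byte zero.
bool wipe_clears_all(std::size_t n) {
    std::vector<unsigned char> buf(n, 0xAB);
    secure_wipe(&buf[0], n);
    for (std::size_t i = 0; i < n; ++i) if (buf[i] != 0) return false;
    return true;
}
```

Note that this only covers the heap block itself: copies the compiler or library leaves in registers, temporaries or reallocated buffers are outside its reach, which is the "very small window" the message above refers to.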