
While this can be a useful class, it is useful mostly in the context of cryptography. So I rarely can see a case when you use it independently of a crypto library. Additionally passwords are almost never stored as clear text so the only location I can see password is handled is in the forms you receive and usually the UI toolkits themselves handle it as string - so you don't solve it there unless you rewrite the 3rd party toolkits to use "safe" string. So while it may be useful in certain contexts it is something that needs much wider infrastructure support. My $0.02 Artyom On Tue, Jul 9, 2024 at 3:28 PM Ruben Perez via Boost <boost@lists.boost.org> wrote:
Hi all,
Boost.MySQL and Boost.Redis need to hold sensitive information, like passwords, to work. Using std::string may be sufficient for many use cases, but it's not the best security practice. std::string doesn't wipe its memory on cleanup, resulting in the password remaining in memory for an indeterminate amount of time.