While this can be a useful class, it is useful mostly in the context of
cryptography.
So I rarely can see a case when you use it independently of a crypto
library.
Additionally passwords are almost never stored as clear text so the only
location I can see password is handled is in the forms you receive and
usually the UI toolkits themselves handle it as string - so you don't solve
it
there unless you rewrite the 3rd party toolkits to use "safe" string.
So while it may be useful in certain contexts it is something that
needs much wider infrastructure support.
My $0.02
Artyom
On Tue, Jul 9, 2024 at 3:28 PM Ruben Perez via Boost
Hi all,
Boost.MySQL and Boost.Redis need to hold sensitive information, like passwords, to work. Using std::string may be sufficient for many use cases, but it's not the best security practice. std::string doesn't wipe its memory on cleanup, resulting in the password remaining in memory for an indeterminate amount of time.