10 Jul
2024
10 Jul
'24
4:41 a.m.
Le mardi 09 juillet 2024 à 22:14 +0200, Rainer Deyke via Boost a écrit :
So: is there any real attack in the wild that can be prevented by using a secure string class?
I think the key here is that an attack is not "prevented", but "mitigated". If the attacker has access to your memory, you already have a problem. But if it contains a lot of sensitive data, it's even worse. Iirc heartblead was that kind of failure that would have been mitigated if memory had been cleared correctly upon disposal. Regards, Julien