empty variable

[JB]

That is a very interesting question!

If the user enters the password or did I hardcode a password
so what follows can only be executed if it included the text I
put into the variable.

I am in this case hardcoding it in myself.  This could be text
that is encrypted but it is still there even before it is put into
the variable and that means it is in memory.

Any suggestions to make it as secure as possible?

JB


> On Jan 3, 2020, at 1:29 PM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> How does the password come into the variable?
> 
> --
> Richard Gaskin
> Fourth World Systems
> 
> JB wrote:
>> What if I have secure info like a password stored
>> in a local variable and then I clear that info by
>> putting empty into that local variable.
>> How secure is that procedure?  I understand a
>> local variable does not retain the info after the
>> code finishes but I am concerned about any
>> info left in memory.
>> In the c language to clear the memory you set
>> all of the blocks to null.  That is because it is
>> more secure than doing something like putting
>> empty into the variable.
>> So the question is when I put empty into a local
>> variable I know when you access that variable it
>> will return empty but if it has not been set to null
>> then is it possible for someone to read the blocks
>> of memory and get anything back.  In c if you set
>> all of the blocks to null and not just the first block
>> then you have eliminated the chance of someone
>> recovering the info.  Is there a secure way to clear
>> a variable in Livecode?
>> JB
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>