ambassador at fourthworld.com
Fri Jan 3 16:59:19 EST 2020
Inputs often pose a bigger risk than core dumps.
Where you ask:
"Any suggestions to make it as secure as possible?"
...we might instead ask:
"Any suggestions to make it as secure as *practical*?"
"Any suggestions to make it as secure as *cost-effective*?"
There are always ways to make things more secure. The hard part is
defining an appropriate level of effort relative to the importance of
Consider this scale of 1 to 5, in terms of how hard people work to keep
1. My app's reg code
2. A user-defined password
3. A user's social security number
4. Nuclear secrets
5. Trump's tax returns
If it's #1 I wouldn't spend more than half an hour thinking about it,
for so many reasons covered in this list before.
#2 is worth spending some time on, but better hashed than encrypted.
#3 or above will require an understanding of the system to provide
Fourth World Systems
> That is a very interesting question!
> If the user enters the password or did I hardcode a password
> so what follows can only be executed if it included the text I
> put into the variable.
> I am in this case hardcoding it in myself. This could be text
> that is encrypted but it is still there even before it is put into
> the variable and that means it is in memory.
> Any suggestions to make it as secure as possible?
>> On Jan 3, 2020, at 1:29 PM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com> wrote:
>> How does the password come into the variable?
>> Richard Gaskin
>> Fourth World Systems
>> JB wrote:
>>> What if I have secure info like a password stored
>>> in a local variable and then I clear that info by
>>> putting empty into that local variable.
>>> How secure is that procedure? I understand a
>>> local variable does not retain the info after the
>>> code finishes but I am concerned about any
>>> info left in memory.
>>> In the c language to clear the memory you set
>>> all of the blocks to null. That is because it is
>>> more secure than doing something like putting
>>> empty into the variable.
>>> So the question is when I put empty into a local
>>> variable I know when you access that variable it
>>> will return empty but if it has not been set to null
>>> then is it possible for someone to read the blocks
>>> of memory and get anything back. In c if you set
>>> all of the blocks to null and not just the first block
>>> then you have eliminated the chance of someone
>>> recovering the info. Is there a secure way to clear
>>> a variable in Livecode?
More information about the use-livecode