From: Julien Blanc (julien.blanc_at_[hidden])
Date: 2024-07-10 04:41:13


On Tuesday, 9 July 2024 at 22:14 +0200, Rainer Deyke via Boost
wrote:
> So: is there any real attack in the wild that can be prevented by
> using a secure string class?
>

I think the key here is that an attack is not "prevented", but
"mitigated". If the attacker has access to your memory, you already
have a problem. But if it contains a lot of sensitive data, it's even
worse.

IIRC Heartbleed was that kind of failure that would have been mitigated
if memory had been cleared correctly upon disposal.

Regards,

Julien
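
The point above about clearing memory on disposal, as an added example that is not part of the original message or of any Boost library: a holder that wipes its bytes on destruction, compared with one that does not. The arena, `SecretHolder`, `secure_wipe` and the sample secret are all hypothetical names and constructed values chosen for illustration; the fixed arena stands in for heap memory that is reused after release.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Constructed stand-in for heap memory that gets reused after release.
// A fixed arena makes the stale-data effect deterministic; a real
// allocator gives no such guarantee either way.
static unsigned char g_arena[64];

// Wipe through a volatile pointer so the compiler cannot discard the
// stores as dead writes just before the storage is released.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// Hypothetical minimal "secure string": keeps its bytes in the arena and
// optionally clears them when its lifetime ends.
class SecretHolder {
public:
    SecretHolder(const std::string& s, bool wipe_on_destroy)
        : len_(s.size() < sizeof g_arena ? s.size() : sizeof g_arena),
          wipe_(wipe_on_destroy) {
        std::memcpy(g_arena, s.data(), len_);
    }
    ~SecretHolder() { if (wipe_) secure_wipe(g_arena, len_); }
    SecretHolder(const SecretHolder&) = delete;
    SecretHolder& operator=(const SecretHolder&) = delete;
private:
    std::size_t len_;
    bool wipe_;
};

// Models a later read of released memory: once the holder is gone, is the
// secret still sitting in the arena?
bool secret_survives_release(bool wipe_on_destroy) {
    const std::string secret = "constructed-sample-key-0123";  // constructed value
    std::memset(g_arena, 0, sizeof g_arena);
    { SecretHolder h(secret, wipe_on_destroy); }  // lifetime ends here
    return std::memcmp(g_arena, secret.data(), secret.size()) == 0;
}

int main() {
    // Exit code 0 when the unwiped secret lingers and the wiped one does not.
    return (secret_survives_release(false) && !secret_survives_release(true)) ? 0 : 1;
}
```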