[Project_owners] clearing variables
Eric H. Jung
grimholtz at yahoo.com
Tue Feb 7 12:30:56 EST 2006
>if the data is so sensitive, why not just use the built-in
>password manager? many extensions do that already.
I assume you mean nsISecretDecoderRing.encryptString() and
nsISecretDecoderRing.decryptString() or nsIPasswordManager.addUser()?
I'm not using them for the simple reason that it's not clear to me
when/if/how the user is prompted to enter a master password when my
extension uses these functions. I do not want the user to have to enter
--- Konstantin Svist <fry.kun at gmail.com> wrote:
> writing 'delete foo' ensures that the reference is broken and that
> variable is no longer defined. 'foo = null' removes the reference too
> but the variable is still defined.
> the memory is probably not cleared immediately - what's the point?
> I don't think there's any way in JS to get uninitialized value.
> for instance, if you do
> var x;
> it simply says undefined
> what you need to worry about is multiple references and copies
> if the data is so sensitive, why not just use the built-in password
> manager? many extensions do that already.
> On 2/7/06, Rod Whiteley <rod.whiteley at gmail.com> wrote:
> > Eric H. Jung wrote:
> > > I suppose that question can be answered by someone who knows
> whether or
> > > not properties of a variable are deleted when the variable itself
> > > deleted. Anyone?
> > Of course they are, but even that's not the whole point. Suppose
> > code executes:
> > foo = "sensitive data"
> > and later it executes:
> > foo = null
> > The string "sensitive data" is probably still in memory*, even
> > the memory is available for reuse and might be overwritten later.
> > delete foo
> > is no help. That only affects memory used by the property itself.
> > * And that's my question: is unused memory cleared immediately, or
> > cleared later by the garbage collector, or (most likely) not
> cleared at
> > all until something else happens to overwrite it?
> > --
> > Rod Whiteley
> > _______________________________________________
> > Project_owners mailing list
> > Project_owners at mozdev.org
> > http://mozdev.org/mailman/listinfo/project_owners
> Project_owners mailing list
> Project_owners at mozdev.org
More information about the Project_owners