[Project_owners] clearing variables

Eric H. Jung grimholtz at yahoo.com
Tue Feb 7 12:30:56 EST 2006


>if the data is so sensitive, why not just use the built-in
>password manager? many extensions do that already.

I assume you mean nsISecretDecoderRing.encryptString() and
nsISecretDecoderRing.decryptString() or nsIPasswordManager.addUser()?

I'm not using them for the simple reason that it's not clear to me
when/if/how the user is prompted to enter a master password when my
extension uses these functions. I do not want the user to have to enter
a password.


--- Konstantin Svist <fry.kun at gmail.com> wrote:

> writing 'delete foo' ensures that the reference is broken and that
> variable is no longer defined. 'foo = null' removes the reference too
> but the variable is still defined.
> 
> the memory is probably not cleared immediately - what's the point?
> I don't think there's any way in JS to get uninitialized value.
> 
> for instance, if you do
> var x;
> alert(x);
> it simply says undefined
> 
> what you need to worry about is multiple references and copies
> 
> 
> if the data is so sensitive, why not just use the built-in password
> manager? many extensions do that already.
> 
> 
> On 2/7/06, Rod Whiteley <rod.whiteley at gmail.com> wrote:
> > Eric H. Jung wrote:
> > > I suppose that question can be answered by someone who knows whether or
> > > not properties of a variable are deleted when the variable itself is
> > > deleted. Anyone?
> >
> > Of course they are, but even that's not the whole point.  Suppose your
> > code executes:
> >
> > foo = "sensitive data"
> >
> > and later it executes:
> >
> > foo = null
> >
> > The string "sensitive data" is probably still in memory*, even though
> > the memory is available for reuse and might be overwritten later. Writing:
> >
> > delete foo
> >
> > is no help.  That only affects memory used by the property itself.
> >
> > * And that's my question: is unused memory cleared immediately, or
> > cleared later by the garbage collector, or (most likely) not cleared at
> > all until something else happens to overwrite it?
> >
> > --
> > Rod Whiteley
> > _______________________________________________
> > Project_owners mailing list
> > Project_owners at mozdev.org
> > http://mozdev.org/mailman/listinfo/project_owners
> >
> 
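Added example, not part of any message in this thread: what script can and cannot do about the points raised above (delete versus null, extra references and copies, overwriting in place). It assumes a modern JavaScript engine with typed arrays, which postdate this thread; all function names and the sample value are constructed for illustration.

```javascript
// Language-level behaviour only. What the engine does with freed memory
// is not observable from script, so nothing here tests that.

// 1. delete (like "= null") removes one reference; an alias still reads the value.
function dropReference() {
  const holder = { secret: "sensitive data" }; // constructed sample value
  const alias = holder.secret;                 // second reference to the string
  delete holder.secret;                        // the property is no longer defined
  return {
    stillDefined: "secret" in holder,
    aliasReadable: alias === "sensitive data",
  };
}

// 2. Strings are immutable: script cannot overwrite their characters in place.
function tryOverwriteString() {
  const s = "sensitive data";
  try {
    s[0] = "X"; // TypeError in strict mode, silently ignored otherwise
  } catch (e) { /* the string is unchanged either way */ }
  return s;
}

// 3. A byte buffer can be overwritten in place. Every view on the same
//    buffer sees the zeros; an independent copy keeps the data.
function wipeBuffer() {
  const bytes = Uint8Array.from("sensitive data", (c) => c.charCodeAt(0));
  const view = new Uint8Array(bytes.buffer); // shares memory with bytes
  const copy = bytes.slice();                // separate memory
  bytes.fill(0);                             // overwrite in place
  return {
    viewWiped: view.every((b) => b === 0),
    copyWiped: copy.every((b) => b === 0),
    copyText: String.fromCharCode(...copy),
  };
}
```

Keeping a secret in a byte buffer from the start, and never converting it to a string, is what makes the in-place overwrite in part 3 cover every reference the script holds.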


