English version
Accueil     À propos     Téléchargement     Ressources     Contactez-nous    

Ce site est rarement mis à jour. Pour les informations les plus récentes, rendez-vous sur le nouveau site OCaml à l'adresse ocaml.org.

Browse thread
[Caml-list] How to secure an OCaml server
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2004-02-28 (23:17)
From: Yamagata Yoriyuki <yoriyuki@m...>
Subject: Re: [Caml-list] How to secure an OCaml server
From: Yutaka OIWA <oiwa@yl.is.s.u-tokyo.ac.jp>
Subject: Re: [Caml-list] How to secure an OCaml server
Date: Sun, 29 Feb 2004 01:44:10 +0900

> The garbage collection helps this style of programming, since with
> GC you can use those high-level data structures without fearing
> about memory leakage or dangling pointers.

On the other hand, relaying GC means data reside in the memory for
unpredictable amount of time, and may swap out to the disk.  Moreover,
current GC of OCaml does not seem to wipe out the contents when a
memory block is reclaimed, and String.create does not initialize the
contents either.  This could leak information which is otherwise

So overwrite explicitly sensible data when they are no longer used,
and use String.make instead of String.create.

(Actually, I feel String.create is deprecated, or initializes the
contents by null, but there would be a performance concern.)

Yamagata Yoriyuki

To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners