Version française
Home     About     Download     Resources     Contact us    
Browse thread
[Caml-list] How to secure an OCaml server
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Thomas Fischbacher <Thomas.Fischbacher@P...>
Subject: Re: [Caml-list] How to secure an OCaml server

On Sun, 29 Feb 2004, Yamagata Yoriyuki wrote:

> From: Yutaka OIWA <oiwa@yl.is.s.u-tokyo.ac.jp>
> Subject: Re: [Caml-list] How to secure an OCaml server
> Date: Sun, 29 Feb 2004 01:44:10 +0900
> 
> > The garbage collection helps this style of programming, since with
> > GC you can use those high-level data structures without fearing
> > about memory leakage or dangling pointers.
> 
> On the other hand, relaying GC means data reside in the memory for
> unpredictable amount of time, and may swap out to the disk.

In case we are talking about linux, may I recommend using cryptoapi to 
encrypt the swapspace (you can do a losetup -e blowfish /dev/loop7 
swapfile; mkswap /dev/loop7; swapon /dev/loop7 at every boot - getting 
losetup to use a random string may perhaps need a bit of patching...)?

What is swap good for nowadays that machines have RAM close to the 4 GB 
boundary anyway? I suppose it is mostly used just to slow the machine down 
enough so that root can react and kill processes by hand if some task 
goes haywire. Hence, encrypting swap will even help to slightly improve 
this. ;->

-- 
regards,               tf@cip.physik.uni-muenchen.de              (o_
 Thomas Fischbacher -  http://www.cip.physik.uni-muenchen.de/~tf  //\
(lambda (n) ((lambda (p q r) (p p q r)) (lambda (g x y)           V_/_
(if (= x 0) y (g g (- x 1) (* x y)))) n 1))                  (Debian GNU)

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners