Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: None <thorpej@nas.nasa.gov>
From: Joe Greco <jgreco@brasil.moneng.mei.com>
List: tech-userlevel
Date: 10/18/1996 08:39:56
> On Thu, 17 Oct 1996 23:10:46 -0700 
>  "Justin T. Gibbs" <gibbs@freefall.freebsd.org> wrote:
> 
>  > >What's the objection to clearing possibly-contaminated structures when a 
>  > >program signifies its done with a privileged resource?
>  > 
>  > It causes any db client to pay this penalty regardless of what is stored
>  > in the database.  That is bad design.
> 
> Right, and as I said previously, who's to know if there's other sensitive
> data in the processes' address space... In addition to paying a performance
> cost, you don't really solve anything.

I think perhaps we are all in agreement:

If a process is managing sensitive data, it needs to be up to the process 
to handle the security arrangements.

I believe that what is lacking is a way to do this right now with
a process that uses Berkeley DB...

... JG