[omniORB] Short identifier for objects?
Duncan Grisby
dgrisby@uk.research.att.com
Tue, 09 Oct 2001 14:23:29 +0100
On Monday 8 October, Luke Deller wrote:
> Shouldn't the ORB initialise *all* bytes which are sent across the
> network? Otherwise secret information from deallocated areas of the
> heap or stack could be unwittingly leaked through the uninitialised
> padding bytes.
I suppose that's a potential problem. If you have data that's that
sensitive, perhaps you should be zeroing it yourself :-)
> I guess that IIOP peers have to be trusted to some extent, but this
> sounds like an unnecessary security weakness. Why not just zero out all
> those padding bytes?
The bytes aren't zeroed for performance reasons. It's quicker to bump
a pointer to the next word boundary than to write an inconvenient
number of bytes. I don't know how much overhead there would be to zero
the padding bytes. Perhaps you'd like to try it out and see?
Cheers,
Duncan.
--
-- Duncan Grisby \ Research Engineer --
-- AT&T Laboratories Cambridge --
-- http://www.uk.research.att.com/~dpg1 --