
It's better than nothing and likely better than something without source.

Using the CLR, which has no guaranteed memory zeroing and has immutable strings and GC and an exposed profiler and debugging API, is a larger concern IMHO.



> It's better than nothing

There are real issues with a false sense of security that you're glossing over here...


I didn't check but I assume they use SecureString.


I'd be surprised if they did and don't forget that it's serialized/deserialized from something which will be hanging around in the GC in the form of a memory backed stream or something too.


> the CLR which has no guaranteed memory zeroing

That's interesting. Can you elaborate?

> and has immutable strings and GC

Immutable strings is a pretty standard feature for a language, right?


Basically, when an object goes out of scope, it isn't de-allocated instantly.

Immutable strings aren't standard; they're an implementation choice.
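The concern discussed in this thread (a secret held in an immutable `System.String` cannot be overwritten and stays in memory until the GC reclaims it), shown as an added C# example that is not part of any comment above and not code from the project under discussion. It assumes .NET Core 2.1 or later for `CryptographicOperations.ZeroMemory`; `PinnedSecret` and the sample passphrase are hypothetical names and values constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: keeps a secret in a pinned byte[] so the GC cannot
// relocate it (which would leave stale copies) and wipes it on Dispose.
sealed class PinnedSecret : IDisposable
{
    private readonly byte[] _buf;
    private GCHandle _pin;

    public PinnedSecret(int length)
    {
        _buf = new byte[length];                          // still all zeros here
        _pin = GCHandle.Alloc(_buf, GCHandleType.Pinned); // pin before any secret is written
    }

    public Span<byte> Bytes => _buf;

    public void Dispose()
    {
        if (!_pin.IsAllocated) return;
        // Documented not to be optimized away, unlike a plain Array.Clear.
        CryptographicOperations.ZeroMemory(_buf);
        _pin.Free();
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample. The literal itself is a System.String and stays in
        // memory; real code should read input straight into secret.Bytes.
        byte[] sample = Encoding.UTF8.GetBytes("constructed-sample-passphrase");

        var secret = new PinnedSecret(sample.Length);
        sample.AsSpan().CopyTo(secret.Bytes);
        CryptographicOperations.ZeroMemory(sample);       // wipe the staging copy

        // ... derive a key from secret.Bytes here ...

        secret.Dispose();
        bool wiped = secret.Bytes.IndexOfAnyExcept((byte)0) < 0; // .NET 8+; assumption
        Console.WriteLine($"buffer wiped: {wiped}");
    }
}
```

Pinning and zeroing only cover this one buffer: any intermediate `string`, `MemoryStream`, or serializer copy of the same secret is outside its control and remains subject to the GC behaviour described in the thread.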



