[omniORB] Short identifier for objects?

[Duncan Grisby]

On Monday 8 October, Luke Deller wrote:

> Shouldn't the ORB initialise *all* bytes which are sent across the 
> network?  Otherwise secret information from deallocated areas of the 
> heap or stack could be unwittingly leaked through the uninitialised 
> padding bytes.

I suppose that's a potential problem. If you have data that's that
sensitive, perhaps you should be zeroing it yourself :-)

> I guess that IIOP peers have to be trusted to some extent, but this 
> sounds like an unnecessary security weakness.  Why not just zero out all 
> those padding bytes?

The bytes aren't zeroed for performance reasons. It's quicker to bump
a pointer to the next word boundary than to write an inconvenient
number of bytes. I don't know how much overhead there would be to zero
the padding bytes. Perhaps you'd like to try it out and see?

Cheers,

Duncan.

-- 
 -- Duncan Grisby  \  Research Engineer  --
  -- AT&T Laboratories Cambridge          --
   -- http://www.uk.research.att.com/~dpg1 --