Currently, LDAP credentials are carried in bind-dn and password variables. Even if we use an encrypted credential store (#7) to retrieve these sensitive values, they are in program memory at least through the lifetime of the LDAP query (which could have a long execution time). See if we can clear these sensitive values from memory after the session is bound.
Currently, LDAP credentials are carried in
bind-dnandpasswordvariables. Even if we use an encrypted credential store (#7) to retrieve these sensitive values, they are in program memory at least through the lifetime of the LDAP query (which could have a long execution time). See if we can clear these sensitive values from memory after the session is bound.