Good ideas and conversation. No ads, no tracking. Login or Take a Tour!
Yeah I'm very surprised by that too. An overflow would be exactly the sort of thing you'd need to be especially vigilant about in this kind of set-up. I'm also really surprised that request data and internal server data (the encryption keys) aren't completely separated and sand-boxed. I can understand the Heartbleed bug exposing passwords and private content sent in earlier requests, because it makes sense for all requests to share the same region of memory. But why the hell are they even close to the encryption keys themselves?