Yes, that is a possibility. But it doesn't feel very secure.
It could throw an error on anything with more then one reference, though, I guess, but it feels like that could be used as an exploit to keep the key in memory :)
/ Mirar
Previous text:
2003-01-28 18:42: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
How can b be "hej" when it's supposed to be the same value as a, and you haven't sent a as lvalue anywhere to get it changed?
Presumably by having a also be "hej" in this case. If I understand correctly, secure_destruct() should be a no-op if there is more than one reference. Of course, this means that in this code
void foo() { string a="hej"; [...] secure_destruct(a); }
the compiler must make sure to remove the reference stored in a before calling secure_destruct, so that the only reference to "hej" is the one on the stack (provided that there is not other strings in program which are "hej" as well, in which ase there will be more references and secure_destruct a no-op).
/ Marcus Comstedt (ACROSS) (Hail Ilpalazzo!)