[PATCH] make nginx not swappable
Andrew Punch
apunch at brandscreen.com
Thu May 22 22:39:42 UTC 2014
Encrypt your swap partition then or disable it. A very minimal area of
memory where any keys are stored or in the ssl library where encryption
takes place should be non-swappable but keeping everything in memory means
you're doing it wrong.
If you really must do it for yourself, I don't see why patching a single
mlockall() into the right place is so onerous. Also you haven't provided
the ability to do this on other platforms e.g. Windows.
I don't think this patch is worth pursuing. If you want to do it yourself,
that's fine but I don't want this unnecessary complexity on any servers I
run.
--
NOTICE
This e-mail and any attachments are confidential and may contain copyright
material of Brandscreen or third parties. If you are not the intended
recipient of this email you should not read, print, re-transmit, store or
act in reliance on this e-mail or any attachments, and should destroy all
copies of them. Brandscreen does not guarantee the integrity of any emails
or any attached files. The views or opinions expressed are the author's own
and may not reflect the views or opinions of Brandscreen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140523/671ece27/attachment.html>
More information about the nginx-devel
mailing list