[PATCH] make nginx not swappable

Andrew Punch apunch at brandscreen.com
Thu May 22 22:39:42 UTC 2014


Encrypt your swap partition then or disable it. A very minimal area of
memory where any keys are stored or in the ssl library where encryption
takes place should be non-swappable but keeping everything in memory means
you're doing it wrong.

If you really must do it for yourself, I don't see why patching a single
mlockall() into the right place is so onerous. Also you haven't provided
the ability to do this on other platforms e.g. Windows.

I don't think this patch is worth pursuing. If you want to do it yourself,
that's fine but I don't want this unnecessary complexity on any servers I
run.

-- 
NOTICE

This e-mail and any attachments are confidential and may contain copyright 
material of Brandscreen or third parties. If you are not the intended 
recipient of this email you should not read, print, re-transmit, store or 
act in reliance on this e-mail or any attachments, and should destroy all 
copies of them. Brandscreen does not guarantee the integrity of any emails 
or any attached files. The views or opinions expressed are the author's own 
and may not reflect the views or opinions of Brandscreen.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140523/671ece27/attachment.html>


More information about the nginx-devel mailing list