[ my public key: https://keybase.io/chrismoos; my proof: https://keybase.io/chrismoos/sigs/Y1UrZmyWyMrBiodcSN-KITMlbwEIZvfp417vYav6qys ]
The library logs decrypted content at DEBUG level, and I believe this should be removed and is a security concern. Can anyone give their insight?
https://issues.apache.org/jira/browse/SANTUARIO-413
EDIT: Here is some more clarification on a use case:
To understand the concern, please read the following example (let's pretend it's an app running on Android): Security is all about layers – changing a log4j.properties file is orders of magnitude easier than reverse engineering a Java library and extracting an AES key that has been obfuscated before being placed in the code, for example. I'd prefer to stop people from seeing decrypted content just by modifying the log4j and changing it to DEBUG.