http authentication: shred passwords
Justus wrote:
I've been working on http digest authentication (mostly done, needs some more testing) and I noticed that sensitive information like passwords isn't cleared before freeing the memory.
I know this is kind of pointless for basic authentication since realm->authentication holds the base64 encoded password anyway, but at least it isn't stored in plain text. It is however very useful for the http digest authentication which only stores the hashed password.
There is a small problem with the attached patch (at least I think that there is): it modifies a member variable of fltk::Input that is declared const char *. I *think* that this does not cause any problems in practice since the widget is destroyed shortly after this anyway and I believe that doing this right requires patching fltk. What do you think?
So far as I know (for whatever that's worth), it should be all right since the value wasn't set with static_text().
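As an added illustration of the "shred before free" idea discussed above (example code written for this page, not the patch from the thread and not the project's or fltk's own code), the helpers below zero a secret before releasing it. The zeroing goes through a volatile function pointer so the compiler cannot drop the store as dead just because the buffer is freed immediately afterwards, which is the usual pitfall of a plain memset() before free(). The function names and the sample password are assumptions of this example; the const-pointer helper mirrors the caveat raised in the thread and is only valid when the bytes live in writable memory the program allocated.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* memset() called through a volatile function pointer: the compiler cannot
 * prove which function runs here, so it cannot elide the store as "dead"
 * when free() follows. Prefer explicit_bzero() or memset_s() where they
 * exist; this is the portable fallback. */
static void *(*const volatile secure_memset_fn)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    if (p != NULL && n > 0)
        secure_memset_fn(p, 0, n);
}

/* Copy a secret into freshly allocated, writable memory that we own. */
char *dup_secret(const char *src)
{
    size_t n = strlen(src) + 1;
    char *dst = malloc(n);
    if (dst != NULL)
        memcpy(dst, src, n);
    return dst;
}

/* Wipe a NUL-terminated secret, then release it. Use this instead of a bare
 * free() for passwords, digest hashes and similar material. */
void shred_free(char *secret)
{
    if (secret == NULL)
        return;
    secure_zero(secret, strlen(secret) + 1);
    free(secret);
}

/* Wipe a secret that is only reachable through a const char * (such as a
 * widget's stored value). Casting away const is only defined behaviour when
 * the bytes are in writable memory the program allocated, never for a string
 * literal or static text; the caller must guarantee that. */
void shred_const_view(const char *secret)
{
    if (secret != NULL)
        secure_zero((char *)secret, strlen(secret) + 1);
}

/* Return 1 if every byte of p[0..n) is zero, else 0. */
int is_zeroed(const unsigned char *p, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Self-check: the buffer must be all zeros before it reaches free().
 * Returns 1 on success, 0 otherwise. */
int demo_shred_roundtrip(void)
{
    char *pw = dup_secret("example-password");   /* constructed sample value */
    const char *view;
    size_t n;
    int ok;

    if (pw == NULL)
        return 0;
    n = strlen(pw) + 1;

    /* Exercise the const-view path on memory we know is heap-allocated. */
    view = pw;
    shred_const_view(view);
    ok = is_zeroed((const unsigned char *)pw, n);

    /* The normal path: wipe and free in one step. */
    free(pw);
    pw = dup_secret("example-password");
    if (pw == NULL)
        return 0;
    shred_free(pw);
    return ok;
}
```

The roundtrip checks the const-view path explicitly because the wiped bytes are still readable there; after shred_free() the memory is gone, so its effect has to be trusted from secure_zero() alone.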
participants (2)
- 4winter@informatik.uni-hamburg.de
- corvid@lavabit.com