> On Thu, 17 Oct 1996 23:10:46 -0700 
>  "Justin T. Gibbs" <gibbs@freefall.freebsd.org> wrote:
> 
>  > >What's the objection to clearing possibly-contaminated structures when a 
>  > >program signifies its done with a privileged resource?
>  > 
>  > It causes any db client to pay this penalty regardless of what is stored
>  > in the database.  That is bad design.
> 
> Right, and as I said previously, who's to know if there's other sensitive
> data in the processes' address space... In addition to paying a performance
> cost, you don't really solve anything.

I think perhaps we are all in agreement:

If a process is managing sensitive data, it needs to be up to the process 
to handle the security arrangements.

I believe that what is lacking is a way to do this right now with
a process that uses Berkeley DB...

... JG