
Node.js Buffer knows everything – your traffic, sources, keys and configs - ChALkeR
https://github.com/ChALkeR/notes/blob/master/Buffer-knows-everything.md
======
ChALkeR
And no, switching Buffer(number) to be zero-filled will bring more harm now,
even from the security point of view. The best course of action imo is to
deprecate Buffer(number) whatsoever and replace it with two separate methods.
More info here:
[https://github.com/nodejs/node/issues/4660#issuecomment-171262864](https://github.com/nodejs/node/issues/4660#issuecomment-171262864)

I will make a separate post about that soon enough.

~~~
ChALkeR
Done:
[https://news.ycombinator.com/item?id=10909727](https://news.ycombinator.com/item?id=10909727)

------
0x0
Sounds like a recipe for disaster. Why not just zero buffers on construction;
if you can't afford the performance penalty of memset then you could always
manage a pool of pre-allocated Buffers in your super performant module, which
would make it even more obvious to a casual reader.
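
Added example, not part of the comment above or of the linked note: one way to build the pre-allocated pool the comment suggests so that reusing a buffer cannot expose bytes left by its previous user. `BufferPool`, `Lease` and the sample strings are hypothetical names and constructed data; the pool is zero-filled once with `Buffer.alloc()` and each lease only exposes the bytes it wrote.

```javascript
// Added example, not code from the thread. BufferPool and Lease are hypothetical names.
class Lease {
  constructor(pool, buf) {
    this.pool = pool;
    this.buf = buf;
    this.used = 0; // high-water mark: bytes written under this lease
  }

  write(data) {
    if (!this.buf) throw new Error('lease already released');
    const src = Buffer.isBuffer(data) ? data : Buffer.from(String(data), 'utf8');
    if (this.used + src.length > this.buf.length) throw new RangeError('lease full');
    src.copy(this.buf, this.used);
    this.used += src.length;
    return this;
  }

  // Expose only what this lease wrote, never the rest of the backing store.
  bytes() {
    if (!this.buf) throw new Error('lease already released');
    return this.buf.subarray(0, this.used);
  }

  release() {
    if (!this.buf) throw new Error('lease already released');
    this.buf.fill(0, 0, this.used); // wipe only the region that held data
    this.pool.free.push(this.buf);
    this.buf = null; // a second release() or a late write() now throws
  }
}

class BufferPool {
  constructor(count, size) {
    this.size = size;
    // Buffer.alloc() zero-fills; the cost is paid once at startup, not per request.
    this.free = Array.from({ length: count }, () => Buffer.alloc(size));
  }

  acquire() {
    // Exhausted pool: fall back to a fresh zero-filled buffer.
    return new Lease(this, this.free.pop() || Buffer.alloc(this.size));
  }
}

// Constructed sample data: one lease writes a "secret", then the buffer is reused.
function demo() {
  const pool = new BufferPool(1, 64);
  pool.acquire().write('session-key=constructed-secret').release();
  const second = pool.acquire().write('hi');
  return { visible: second.bytes().toString('utf8'), backing: Buffer.from(second.buf) };
}
```

`bytes()` returns a view that shares memory with the pooled buffer, so a caller that needs the data after `release()` has to copy it first.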

------
ChALkeR
This note does not have anything actually new, but I have seen several people
who are not aware of that.

------
bricss
Every new Buffer should allocate a new sandboxed memset, filled with zeros.

