[Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Terry Reedy tjreedy at udel.edu
Sat Jun 23 00:00:55 EDT 2018


On 6/22/2018 8:45 PM, Chris Angelico wrote:

> Would it suffice to flag the string as "this contains sensitive data,
> please overwrite its buffer when it gets deallocated"? The only
> difference, in your example, would be that the last print would show
> the original data, and the wipe would happen afterwards. Advantages of
> this approach include that getpass can automatically flag the string
> as sensitive, and the "sensitive" flag can infect other strings (so
> <<pwd + "x">> would be automatically flagged to be wiped). Downside:
> You can't say "I'm done with this string, destroy it immediately".

But one can be careful about creating references, and in current 
CPython, deleting the last reference does mean destroy, and possibly 
wipe, immediately.


-- 
Terry Jan Reedy



More information about the Python-ideas mailing list