[Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Paul Moore p.f.moore at gmail.com
Sat Jun 23 07:16:43 EDT 2018

On 23 June 2018 at 12:13, Paul Moore <p.f.moore at gmail.com> wrote:
> On 23 June 2018 at 01:31, Ezequiel Brizuela [aka EHB or qlixed]
> <qlixed at gmail.com> wrote:
>> As all the string in python are immutable, is impossible to overwrite the
>> value or to make a "secure disposal" (overwrite-then-free) of a string using
>> something like:

By the way, Perl has a concept of "tainted strings" which track string
values (in Perl's case, whether they came from "external input") in a
similar way. Anyone intending to take this proposal forward should
almost certainly research that case - my recollection is that
taintedness was a mixed success, in that it at best only partially
solved the problems and was quite complex to implement and document.
But it's probably 15 years or more since I looked at Perl's taint
mechanism, so don't trust my recollection without checking :-)


More information about the Python-ideas mailing list