[Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

M.-A. Lemburg mal at egenix.com
Sat Jun 23 08:11:15 EDT 2018

On 23.06.2018 02:45, Chris Angelico wrote:
> Would it suffice to flag the string as "this contains sensitive data,
> please overwrite its buffer when it gets deallocated"? The only
> difference, in your example, would be that the last print would show
> the original data, and the wipe would happen afterwards. Advantages of
> this approach include that getpass can automatically flag the string
> as sensitive, and the "sensitive" flag can infect other strings (so
> <<pwd + "x">> would be automatically flagged to be wiped). Downside:
> You can't say "I'm done with this string, destroy it immediately".

I think the flag is an excellent idea.

I'm not so sure about the automatic propagation of the flag,
though. If a string gets interned with the flag set, this
could lead to a lot of other strings receiving the flag
without intent.

Then again, you will probably not want such strings to be
interned in the first place.

Marc-Andre Lemburg

Professional Python Services directly from the Experts (#1, Jun 23 2018)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> Python Database Interfaces ...           http://products.egenix.com/
>>> Plone/Zope Database Interfaces ...           http://zope.egenix.com/

::: We implement business ideas - efficiently in both time and costs :::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Python-ideas mailing list