On 23 June 2018 at 01:31, Ezequiel Brizuela [aka EHB or qlixed]
<qli...@gmail.com> wrote:
> As all the string in python are immutable, is impossible to overwrite the
> value or to make a "secure disposal" (overwrite-then-free) of a string using
> something like:
[...]
> I propose to make the required changes on the string objects to add an
> option to overwrite the underlying buffer. To do so:
Is there any reason this could not be implemented as a 3rd party class
(implemented in C, of course) which subclasses str?
So you'd do
from safestring import SafeStr
a = SafeStr("my secret data")
... work with a as if it were a string
del a
When the refcount of a goes to zero, before releasing the memory, the
custom class wipes that memory.
There are obvious questions around
theres_a_copy_here = "prefix " + a + " suffix"
which will copy the secure data, but those issues will be just as much
of a problem with a change to the builtin string, unless you propose
some mechanism for propagating "secureness" from one value to another.
And then you get questions like, is a[0] still "secret"? What about
sha256(a)?
Having a mechanism for handling this seems like a good idea, but my
feeling is that even with a mechanism, handling secure data needs care
and specialised knowledge from the programmer, and supporting that is
better done with a dedicated class rather than having the language
runtime try to solve the problem automatically (which runs the risk
that a naive programmer expects the language to do the job, and then
*doesn't* think about the risks).
Paul
Paul
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
