El vie., 22 de jun. de 2018 22:33, Terry Reedy <tjre...@udel.edu> escribió:
> On 6/22/2018 8:31 PM, Ezequiel Brizuela [aka EHB or qlixed] wrote: > > As all the string in python are immutable, is impossible to overwrite > > the value > > Not if one uses ctypes. Is that what you did? > No. I was using exclusivelly python strings functions from the C api. > Well I already do it: > > > > https://github.com/qlixed/python-memwiper/ > > > But i hit a lot of problems in the road, I was working on me free time > > over the last year on this and make it "almost" work, but that is not > > relevant to the proposal. > > I think it is. A very small fraction of Python users need such wiping. > And I doubt that it can be complete. For instance, I suspect that a > password entered into getpass, for instance, first exists in OS form > before being copied into a Python string objects. Wiping the Python > string would not wipe the original copy. Agree. It migth be more places to search. So this really should be > attacked at the OS level, not the language level. This need to be tackled from all the sides. Ensuring the minimal attack surface possible for anyone.
_______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
