Bitwise xor is used for "masking" code like these:
https://github.com/PyMySQL/PyMySQL/blob/37eba60439039eff17b32ef1a63b45c25ea28cec/pymysql/connections.py#L139-L146
https://github.com/tornadoweb/tornado/blob/0b2b055061eb4754c80a8d6bc28614b86954e336/tornado/util.py#L470-L471
https://github.com/torn
On 21 Jun 2018, at 09:17, Stephen J. Turnbull wrote:Ronald Oussoren writes:Possibly just for the “cp…” encodings, but IMHO only if we confirmthat the code to look for the preferred encoding returns a codepagenumber on Windows and changing that code leads to worse resultsthan adding numeric aliases
On 21 June 2018 at 03:27, Serhiy Storchaka wrote:
> 20.06.18 20:07, Guido van Rossum пише:
>>
>> Maybe we're misunderstanding each other? I would think that calling the
>> classmethod object directly would just call the underlying function, so this
>> should have to call utility() with a single ar
On 6/22/2018 7:08 AM, INADA Naoki wrote:
Bitwise xor is used for "masking" code like these:
https://github.com/PyMySQL/PyMySQL/blob/37eba60439039eff17b32ef1a63b45c25ea28cec/pymysql/connections.py#L139-L146
This points to a function _my_crypt that is O(n*n) because of using
bytes.append. Usin
Hi Terry,
Thanks, but I didn't care because my password is not so long.
I just want to illustrate real world bytes xor usage.
BTW, New MySQL auth methods (sha256 and caching_sha2)
use bytes xor too.
For performance point of view, websocket masking is performance
critical. Tornado uses extension
On Thu, Jun 21, 2018, at 05:00, INADA Naoki wrote:
> When Python 4, I think we can even throw away classmethod and staticmethod
> object.
> PyFunction can have binding flag instead, like METH_CLASS and METH_STATIC
> for PyCFunction.
> classmethod and staticmethod is just a function which modify the
As all the string in python are immutable, is impossible to overwrite the
value or to make a "secure disposal" (overwrite-then-free) of a string
using something like:
>>> a = "something to hide"
>>> a = "x"*len(a)
This will lead on the process memory "something to hide" and "x" repeated
len(a) t
On Sat, Jun 23, 2018 at 10:31 AM, Ezequiel Brizuela [aka EHB or
qlixed] wrote:
> I propose to make the required changes on the string objects to add an
> option to overwrite the underlying buffer. To do so:
>
> * Add a wiped as an attribute that is read-only to be set when the string
> is over
A wipe() method that mutates a string while it can still be referenced
elsewhere is unacceptable -- it breaks an abstraction that is widely
assumed.
Chris's proposal can be implemented, it would set a hidden flag. Hopefully
there's room for the flag without increasing the object header size.
On
On 6/22/2018 8:31 PM, Ezequiel Brizuela [aka EHB or qlixed] wrote:
As all the string in python are immutable, is impossible to overwrite
the value
Not if one uses ctypes. Is that what you did?
Well I already do it:
https://github.com/qlixed/python-memwiper/
But i hit a lot of problems
Chris Angelico wrote:
Downside:
You can't say "I'm done with this string, destroy it immediately".
Also it would be hard to be sure there wasn't another
copy of the data somewhere from a time before you
got around to marking the string as sensitive, e.g.
in a file buffer.
--
Greg
On Sat, Jun 23, 2018 at 11:30 AM, Guido van Rossum wrote:
> Chris's proposal can be implemented, it would set a hidden flag. Hopefully
> there's room for the flag without increasing the object header size.
If I'm reading the include file correctly, the 'state' bitstruct has
eight bits with define
On Sat, Jun 23, 2018 at 01:33:59PM +1200, Greg Ewing wrote:
> Chris Angelico wrote:
> >Downside:
> >You can't say "I'm done with this string, destroy it immediately".
>
> Also it would be hard to be sure there wasn't another
> copy of the data somewhere from a time before you
> got around to marki
On 6/22/2018 8:45 PM, Chris Angelico wrote:
Would it suffice to flag the string as "this contains sensitive data,
please overwrite its buffer when it gets deallocated"? The only
difference, in your example, would be that the last print would show
the original data, and the wipe would happen afte
On Sat, Jun 23, 2018 at 2:00 PM, Terry Reedy wrote:
> On 6/22/2018 8:45 PM, Chris Angelico wrote:
>
>> Would it suffice to flag the string as "this contains sensitive data,
>> please overwrite its buffer when it gets deallocated"? The only
>> difference, in your example, would be that the last pri
On Fri, Jun 22, 2018 at 9:11 PM Chris Angelico wrote:
> How will other Pythons handle this?
>
It could be optional behavior. ISTR that in Jython, strings are pretty much
just Java strings.
Does Java have such a feature? If not, do Java apps worry about this? If
not, perhaps Python needn't eithe
On Fri, Jun 22, 2018 at 6:45 PM, Steven D'Aprano wrote:
> On Sat, Jun 23, 2018 at 01:33:59PM +1200, Greg Ewing wrote:
>> Chris Angelico wrote:
>> >Downside:
>> >You can't say "I'm done with this string, destroy it immediately".
>>
>> Also it would be hard to be sure there wasn't another
>> copy of
17 matches
Mail list logo
