mathog
New User
May 19, 2009, 8:22 AM
Post #1 of 2
(519 views)
|
|
securely overwrite string in memory?
|
Can't Post
|
|
I want to overwrite data stored in a string after use for security reasons. It isn't clear to me which operations, if any, in Perl
guarantee this. For instance in this code fragment:
our $SENSITVE;
# load $SENSITIVE with a string
&example;
exit;
sub example{
#
# do something with the data
#
# erase it from memory?
$SENSITIVE =~ tr/[\x00-\xFF]/X/;
print "erased? $SENSITIVE\n";
}
After the substiution the print will emit a row of X characters. However, that doesn't mean the original data isn't still floating around in RAM somewhere. For instance, tr might allocate a buffer, operate character by character from the original buffer to the new one, then change the data pointer associated with the variable to the new buffer, leaving the original inaccessible, but still there, in memory.
|
MAIN
SEARCH
WHO'S 
LOG 