May 19, 2009, 8:22 AM
Post #1 of 2
I want to overwrite data stored in a string after use for security reasons. It isn't clear to me which operations, if any, in Perl
securely overwrite string in memory?
guarantee this. For instance in this code fragment:
# load $SENSITIVE with a string
# do something with the data
# erase it from memory?
$SENSITIVE =~ tr/[\x00-\xFF]/X/;
print "erased? $SENSITIVE\n";
After the substiution the print will emit a row of X characters. However, that doesn't mean the original data isn't still floating around in RAM somewhere. For instance, tr might allocate a buffer, operate character by character from the original buffer to the new one, then change the data pointer associated with the variable to the new buffer, leaving the original inaccessible, but still there, in memory.