> I have implemented a sanitize! method into the String class to properly
> erase Strings from memory (example usage: clearing a password from memory),
> but I want to make sure that what I'm doing is actually doing what I think
> it is.
Copies won't be affected. E.g. if you do
s1 = "...."
s2 = s1[1..-1]
s1.sanitize!
s2 will still hold most of the characters of s1. But there is no way
around this unless you want to resort to
ObjectSpace.each_object(String)...
Ah, good point. Is there a way to identify where the String came
from? I.e. There's no guarantee that the same password String isn't
being used in a completely different context, so I don't want to erase
a String that isn't related to the String being sanitized.
> Basically, is this code going to leave _anything_ lying around in memory
> because of any undocumented/strange behavior or side effects of the =
> method?
> class String
> def sanitize!
> for i in 0...self.length
> self[i] = 0
> end
> self.delete!("\000")
> end
> end
> Also, feel free to recommend any "better" ways to do this.
How about
class String
def sanitize!
gsub! /./, ' '
strip!
self
end
def sanitize_robert_paranoia!
gsub!(/./) { (32 + rand(96)).chr }
sub! /\A.+\z/, '' # or slice! 0..-1
self
end
end
Thanks for this suggestion; however, I think Murphy's Law applies with
the additional complexity due to the use of regex. I'm afraid of
copies being accidentally made within the sanitize method itself.
And thanks, David, for message about the !. I've removed the ! from
the method's name.
···
On Sep 6, 8:17 am, "Robert Klemme" <shortcut...@googlemail.com> wrote:
2008/9/5 Travis Warlick <twarl...@gmail.com>:
--
Travis Warlick
"Focus on the future for 50%,
on the present for 40%,
and on the past for 10%"
-- Hatsumi Soke