String sanitizing

[Travis Warlick]

I have implemented a sanitize! method into the String class to
properly erase Strings from memory (example usage: clearing a password
from memory), but I want to make sure that what I'm doing is actually
doing what I think it is.

Basically, is this code going to leave _anything_ lying around in
memory because of any undocumented/strange behavior or side effects of
the []= method?

class String
def sanitize!
for i in 0...self.length
self = 0
end
self.delete!("\000")
end
end

Also, feel free to recommend any "better" ways to do this.

--
Travis

"You get it, hm? But it's not your head
that needs to understand!"
-- Hatsumi O'Sensei

 

[David A. Black]

Hi --

I have implemented a sanitize! method into the String class to properly erase
Strings from memory (example usage: clearing a password from memory), but I
want to make sure that what I'm doing is actually doing what I think it is.

Basically, is this code going to leave _anything_ lying around in memory
because of any undocumented/strange behavior or side effects of the []=
method?

class String
def sanitize!
for i in 0...self.length
self = 0
end
self.delete!("\000")
end
end

Also, feel free to recommend any "better" ways to do this.

Yes: don't give it an unpaired !-terminated name

http://dablog.rubypal.com/2007/8/15/bang-methods-or-danger-will-rubyist

I know that's not an answer to your question, but I'm not sure about
the memory handling, especially as it might work in different Ruby
implementations and/or versions.


David

--
Rails training from David A. Black and Ruby Power and Light:
Intro to Ruby on Rails January 12-15 Fort Lauderdale, FL
Advancing with Rails January 19-22 Fort Lauderdale, FL *
* Co-taught with Patrick Ewing!
See http://www.rubypal.com for details and updates!