Data.ByteString.Unsafe.unsafeWipe

Michael Snoyman michael at snoyman.com
Mon Jan 12 08:47:31 UTC 2015 

Actually, after writing that I realized I'd just reinvented storable
vectors, and that the entire API can really be summed up by just a pair of
functions for converting `ByteString`s with `Vector Word8`s:

http://www.stackage.org/haddock/nightly-2015-01-12/mono-traversable-0.7.0/Data-ByteVector.html

On Mon Jan 12 2015 at 6:02:06 AM David Feuer <david.feuer at gmail.com> wrote:

> In fact, it looks like Michael Snoyman has done some work on this
> already: https://www.fpcomplete.com/user/chad/snippets/random-
> code-snippets/mutable-bytestring
>  Perhaps he could be convinced to finish/release it.
>
> David
>
> On Sun, Jan 11, 2015 at 10:48 PM, David Feuer <david.feuer at gmail.com>
> wrote:
> > -1. Breaking referential transparency is completely unnecessary here.
> > The correct way to accomplish this, I believe, is to add a mutable
> > ByteString interface, and then a SecureByteString module wrapping it
> > and actually making the promises you want.
> >
> > On Sun, Jan 11, 2015 at 10:42 PM, Erik de Castro Lopo
> > <mle+hs at mega-nerd.com> wrote:
> >> Discussion period: one month
> >>
> >> When handling sensitive information (like a user's password) it is
> >> desirable to only keep the data around for as short a time as possible.
> >> Specifically, relying on the garbage collector to clean it up is simply
> >> not good enough.
> >>
> >> I therefore propose that the following function to be added to the
> >> Data.ByteString.Unsafe module:
> >>
> >>     -- | Overwrites the contents of a ByteString with \0 bytes.
> >>     unsafeWipe :: ByteString -> IO ()
> >>     unsafeWipe bs =
> >>         BS.unsafeUseAsCStringLen bs $ \(ptr, len) ->
> >>             let go i
> >>                     | i < 0 = return ()
> >>                     | otherwise = pokeElemOff ptr i 0 >> go (i - 1)
> >>             in go (len - 1)
> >>
> >> It is added to the Unsafe module because it break referential
> transparency
> >> but since ByteStrings are always kept in pinned memory, it should not
> >> otherwise be considered unsafe.
> >>
> >> It could be used as follows:
> >>
> >>     main = do
> >>         passwd <- getPassword
> >>         doSomethingWith passwd
> >>         unsafeWipe passwd
> >>         restOfProgram
> >>
> >>
> >> Cheers,
> >> Erik
> >> --
> >> ----------------------------------------------------------------------
> >> Erik de Castro Lopo
> >> http://www.mega-nerd.com/
> >> _______________________________________________
> >> Libraries mailing list
> >> Libraries at haskell.org
> >> http://www.haskell.org/mailman/listinfo/libraries
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/libraries/attachments/20150112/8af1ac9d/attachment.html>

More information about the Libraries mailing list