Data.ByteString.Unsafe.unsafeWipe
Vincent Hanquez
tab at snarc.org
Mon Jan 12 09:31:09 UTC 2015
On 12/01/2015 04:16, David Feuer wrote:
> I think this is a good idea too. I don't think a scrubbing finalizer
> can give Erik the timing guarantees he wants (at least not without
> forcing a major collection by hand, and worrying about stray
> references), but it does seem likely to be a good thing to have around
> anyway. Note that for something like a password, you also have to be
> careful about things like input buffers. I imagine a hypothetical
> SecureByteString and/or SecureText would have to offer special IO as
> well.
securemem has a finalizeSecureMem [1] which is just a wrapper for
finalizeForeignPtr, which
run the finalizer immediately.
I agree though, that you might want the whole package of secure
input/output functions
to be able to handle it end-to-end, and securemem was always a paving
stone in this direction for me.
[1] finalizeSecureMem
--
Vincent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/libraries/attachments/20150112/08fae090/attachment.html>
More information about the Libraries
mailing list