Re: Data.ByteString.Unsafe.unsafeWipe

12 Jan 2015

      Actually, after writing that I realized I'd just reinvented storable
vectors, and that the entire API can really be summed up by just a pair of
functions for converting `ByteString`s with `Vector Word8`s:

http://www.stackage.org/haddock/nightly-2015-01-12/mono-traversable-0.7.0/Da...

On Mon Jan 12 2015 at 6:02:06 AM David Feuer  wrote:
...
In fact, it looks like Michael Snoyman has done some work on this
already: https://www.fpcomplete.com/user/chad/snippets/random-
code-snippets/mutable-bytestring
 Perhaps he could be convinced to finish/release it.
David
...
-1. Breaking referential transparency is completely unnecessary here.
The correct way to accomplish this, I believe, is to add a mutable
ByteString interface, and then a SecureByteString module wrapping it
and actually making the promises you want.
On Sun, Jan 11, 2015 at 10:42 PM, Erik de Castro Lopo
 wrote:
...
Discussion period: one month
When handling sensitive information (like a user's password) it is
desirable to only keep the data around for as short a time as possible.
Specifically, relying on the garbage collector to clean it up is simply
not good enough.
I therefore propose that the following function to be added to the
Data.ByteString.Unsafe module:
-- | Overwrites the contents of a ByteString with \0 bytes.
    unsafeWipe :: ByteString -> IO ()
    unsafeWipe bs =
        BS.unsafeUseAsCStringLen bs $ \(ptr, len) ->
            let go i
                    | i < 0 = return ()
                    | otherwise = pokeElemOff ptr i 0 >> go (i - 1)
            in go (len - 1)
It is added to the Unsafe module because it break referential
On Sun, Jan 11, 2015 at 10:48 PM, David Feuer 
wrote:
transparency
...
...
but since ByteStrings are always kept in pinned memory, it should not
otherwise be considered unsafe.
It could be used as follows:
main = do
        passwd <- getPassword
        doSomethingWith passwd
        unsafeWipe passwd
        restOfProgram
Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
_______________________________________________
Libraries mailing list
Libraries@haskell.org
http://www.haskell.org/mailman/listinfo/libraries