Secure erasing of password from memory in Ruby
Question
I'm writing a Ruby application that will need to handle a user's enterprise password. I'd like to minimize the time the password is in memory to reduce the likelihood of the password being exposed.
In a native language, I would directly erase the data. In C#, I would use the SecureString class. In Java, I'd use char[]. But the best that I can find for Ruby is an old feature request that seems dead.
What is the standard for securely storing and erasing passwords from memory in Ruby? Is there a class that does this? A coding pattern similar to the char[] of Java?
Answer
A Ruby issue has existed for five years now (5741) regarding secure erasure of secrets from memory. That issue also contains some links which explain why it is a good thing to erase passwords from memory. Recently macOS had an issue with FileVault2 because the password was stored in memory.
One possible solution shown within issue 5741 is:
require 'stringio'

pass = ""
$stdin.sysread(256, pass) # assuming a line-buffered terminal; sysread fills the existing String in place
io = StringIO.new("\0" * pass.bytesize)
io.read(pass.bytesize, pass) # read the zero bytes into the same String object, overwriting the password
It seems to work with ruby 2.3.1p112, but I can't promise it.
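The following is an added example, not code from the answer above or from the Ruby issue it cites. It wraps the same buffer-reuse idiom (IO#sysread and String mutation into a caller-supplied String) in a helper that wipes the secret on the way out even if the block raises, and it shows the pitfall a practitioner should check for: the wipe only reaches the one String object it is given, so any copy made by dup, +, strip, interpolation or encode keeps the bytes. The stream, the 256-byte line-buffered read and the sample password "hunter2" are assumptions for illustration; a StringIO stands in for $stdin so the code runs offline.

```ruby
require 'stringio'
require 'digest'

# Read up to 256 bytes into the caller's buffer. IO#sysread(len, outbuf)
# writes into the existing String instead of allocating a new one, so the
# password only ever lives in that one object (assumes a line-buffered
# terminal, as in the answer).
def read_secret_into(buffer, io = $stdin)
  io.sysread(256, buffer)
  buffer.chomp!           # drop the trailing newline in place, no new String
  buffer
end

# Overwrite every byte in place, then truncate. String#setbyte mutates the
# existing object; String#clear on its own only resets the length and leaves
# the bytes behind, which is why the zeroing comes first.
def wipe!(secret)
  secret.bytesize.times { |i| secret.setbyte(i, 0) }
  secret.clear
  secret
end

# Lend the secret to a block and wipe it on the way out, even on error.
# Returns whatever the block returns, so keep only derived data (a digest,
# a session token), never the password itself.
def with_secret(io = $stdin)
  buffer = String.new(capacity: 256)
  read_secret_into(buffer, io)
  yield buffer
ensure
  wipe!(buffer) if buffer
end

# The pitfall: wipe! cannot reach copies. Returns true when the original is
# empty but the dup still holds the bytes. For heap-allocated Strings MRI may
# even share the buffer between original and dup until one is modified; the
# wipe then copies first, so the zeroes land in a fresh allocation while the
# original bytes survive in the copy.
def copy_survives_wipe?(secret)
  copy = secret.dup
  wipe!(secret)
  secret.empty? && copy.bytesize > 0
end

if $PROGRAM_NAME == __FILE__
  # Constructed stand-in for $stdin; a real program would pass $stdin.
  fingerprint = with_secret(StringIO.new("hunter2\n")) do |pw|
    Digest::SHA256.hexdigest(pw)   # reads the bytes directly, no copy kept
  end
  puts "fingerprint: #{fingerprint}"
end
```

Even with this discipline Ruby gives no guarantee: the interpreter may have copied the bytes during I/O or encoding conversion, and a compacting GC can move the object and leave the old slot unzeroed. Treat the wipe as reducing the window, as the question asks, not as eliminating the exposure.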