For instance:
so asigning an integer to the variable does not overwrite the memory.$a = "foo bar"; $a = 0; Dump $a; # SV = PVIV(0x8155b10) at 0x8154654 # REFCNT = 1 # FLAGS = (IOK,pIOK) # IV = 0 # PV = 0x816fa60 "foo bar"\0 # CUR = 7 # LEN = 8
but assigning a string of the same size seems to work!$a = "foo bar"; Dump $a; $a = '*' x length $a; Dump $a; # SV = PV(0x8154b00) at 0x8154654 # REFCNT = 1 # FLAGS = (POK,pPOK) # PV = 0x816fa78 "foo bar"\0 # CUR = 7 # LEN = 8 # SV = PV(0x8154b00) at 0x8154654 # REFCNT = 1 # FLAGS = (POK,pPOK) # PV = 0x816fa78 "*******"\0 # CUR = 7different # LEN = 8
Anyway, you should also take into account, that the string (or parts of it) can be copied when passed to a subroutine, perl builtin or operator, and what is safe, is highly implementation dependent and could change between perl versions!
In reply to Re: Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)
by salva
in thread Is it possible to sanitize Perl memory that holds sensitive data? (crypto implications)
by missingthepoint
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |