-1

Using python, I've encountered an interesting problem: my script reads some sensitive info, and I want the data completely scrubbed as soon as it's been used. Something like:

try:
    useData(sensitiveString)
except:
    print("There was a problem executing useData()")
finally:
    scrubFromMemory(sensitiveString)

This is to minimize the chance of sensitiveString still inhabiting memory, even in the event of an error. I thought about altering the string, something like:

sensitiveString = "*" * (len(sensitiveString)-1)  # does this overwrites memory, or creates a new object?
sensitiveString = "*" * 10000  # sensitive string is guaranteed to be relatively short
del sensitiveString
gc.collect()

But I read somewhere that in python (due to c-implementation), modification of the string will result in creation of a new string object in memory. So the original sensitiveString can still "ghost" exist somewhere in the memory dump of the application. I'd like to avoid that. EDIT: typo - gc.collect() instead of just gc()

Any suggestions how I can completely scrub sensitiveString from memory?

Ruslan
  • 911
  • 2
  • 11
  • 28

2 Answers2

0

You need to call the garbace collector.

gc documentation

gc.collect()
schmerbert
  • 1
  • Wouldn't gc() only remove the reference to the object in memory? The string itself would still ghost around in memory, wouldn't it? (Also, thanks for indicating - it was a typo in the original post, I meant gc.collect() and not gc() – Ruslan Jan 18 '20 at 07:56
  • 1
    del sensitiveString removes the reference already. the gc frees the memory. – schmerbert Jan 18 '20 at 08:21
-1

Ok, apparently, there's no real way to do this in Python, since string objects are immutable. References to these strings exist all over the place. Best one can do, is del and gc.collect(). As specified in this link, "accept it, or move on. Anything else will give you a false sense of security"

Ruslan
  • 911
  • 2
  • 11
  • 28