Mark data as sensitive in Python
I need to store a user's password for a short period of time in memory. How can I do so yet not have such information accidentally disclosed in coredumps or tracebacks? Is there a way to mark a value as "sensitive", so it's not saved anywhere by a debugger?
Edit
I have made a solution that uses ctypes (which in turn uses C) to zero memory.
I make no guarantees of the safety of this code. It is tested to work on x86 and CPython 2.6.2. A longer writeup is here.
Decrypting and encrypting in Python will not work. Strings and Integers are interned and persistent, which means you are leaving a mess of password information all over the place.
Hashing is the standard answer, though of course the plaintext eventually needs to be processed somewhere.
The correct solution is to do the sensitive processes as a C module.
But if your memory is constantly being compromised, I would rethink your security setup.
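An added example of the ctypes zeroing approach described in this answer, written for Python 3 and not taken from the answer's own code or writeup. The secret is held only in a mutable bytearray (unlike str and bytes objects, a bytearray is never interned and can be overwritten in place); ctypes.memset wipes it when the block exits, including when an exception propagates. DEMO_SECRET, secret_buffer, wipe and the helper functions are names constructed for this example.

```python
import ctypes
import contextlib
import hashlib

# Constructed sample secret for the demonstration; in real code the bytes
# would come from the login form or socket and never be held in a str.
DEMO_SECRET = b"correct horse battery staple"


def wipe(buf: bytearray) -> None:
    """Overwrite a bytearray in place with zeros via ctypes.memset.

    Only a mutable buffer can be wiped; str/bytes are immutable and may be
    interned or cached by the interpreter, so a secret must never be copied
    into one (no bytes(buf), no buf.decode()).
    """
    if len(buf) == 0:
        return
    # A ctypes array that shares the bytearray's memory (no copy is made).
    cbuf = (ctypes.c_char * len(buf)).from_buffer(buf)
    ctypes.memset(ctypes.addressof(cbuf), 0, len(buf))
    # Drop the buffer export so the bytearray can be resized or freed again.
    del cbuf


@contextlib.contextmanager
def secret_buffer(data: bytes):
    """Hold `data` in a bytearray and zero it on exit, even on exception."""
    buf = bytearray(data)
    try:
        yield buf
    finally:
        wipe(buf)


def sha256_hex(data) -> str:
    """Digest helper; hashlib accepts any buffer-protocol object, so the
    bytearray can be hashed without first copying it into a bytes object."""
    return hashlib.sha256(data).hexdigest()


def process_and_wipe(secret: bytes = DEMO_SECRET) -> dict:
    """Use the secret once (here: hash it), then prove the buffer is zeroed."""
    with secret_buffer(secret) as buf:
        digest = sha256_hex(buf)
        leftover_ref = buf  # keep a handle only to inspect the wiped memory
    return {"digest": digest, "leftover": bytes(leftover_ref)}


def wipe_even_on_error(secret: bytes = DEMO_SECRET) -> bytes:
    """Show that the finally-clause wipe runs when the body raises."""
    holder = {}
    try:
        with secret_buffer(secret) as buf:
            holder["buf"] = buf
            raise RuntimeError("simulated failure while using the secret")
    except RuntimeError:
        pass
    return bytes(holder["buf"])


if __name__ == "__main__":
    result = process_and_wipe()
    print("digest :", result["digest"])
    print("wiped  :", result["leftover"] == b"\x00" * len(DEMO_SECRET))
    print("on err :", wipe_even_on_error() == b"\x00" * len(DEMO_SECRET))
```

This only shortens the window during which the plaintext exists: any copy made elsewhere (a slice, a bytes() conversion, a str passed to a logging call, buffers inside a C library that receives the data) is outside the wipe, which is the same limitation the answer's "do it in a C module" advice is working around.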
Source: http://www.ibm.com/developerworks/library/s-data.html
Software (Addison-Wesley, 2001) and Java Enterprise Architecture
(O'Reilly and Associates, 2001). John has authored more than 50
technical publications, primarily in the area of software security.
He also wrote Mailman, the GNU Mailing List Manager and ITS4, a tool
for finding security vulnerabilities in C and C++ code.
No way to "mark as sensitive", but you could encrypt the data in memory and decrypt it again when you need to use it -- not a perfect solution but the best I can think of.
or, if you're very paranoid about dumps, store a unique random key in some other place, e.g. in a different thread, in a registry, on your server, etc.
Based on culix's answer: the following works on Linux 64-bit architecture.
Tested on Debian-based systems.