Uses Drop impl to ensure passwords are zeroed on error

conradkleinespel / rpassword

Cross platform Rust library to read a password in the terminal (Linux, BSD, OSX, Windows, WASM).

Apache License 2.0

244 stars 38 forks source link

Uses Drop impl to ensure passwords are zeroed on error #42

Closed tov closed 4 years ago

tov commented 4 years ago

This fixes #41 by wrapping the String that holds the password in a new type, ZeroOnDrop, that zeroes the string inside when it's dropped. This means that a good portion of the code for zeroing disappears, which I think makes the code a bit more readable. It should also make it harder to forget to zero it. The ZeroOnDrop struct provides a method into_inner that returns the contains String by value, for the case where we actually want it.

conradkleinespel commented 4 years ago

@tov Thanks again for your help ! I've added you to the README.md. I've just waiting for the builds to finish, if it's all green I'll publish as version 4.0.5 on crates.io.