On Fri, 2005-06-10 at 23:07 +0900, James Edward Gray II wrote:
> On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:
> 
> > hmmm... it's probably still in memory for a while unless there is an
> > explicit method to clear it.  some password libs have this feature.
> 
> Would something like the following be an improvement, do you think?
> 
> #!/usr/local/bin/ruby -w
> 
> def fetch_password
>      pass = ""
>      pass << "password"
>      pass
> ensure
>      pass = nil
> end
> 
> p fetch_password    # => "password"
> 
> __END__

Or something like (untested):

def fetch_password
  pass = ""
  pass << "password"
  yield pass
ensure
  pass[0..-1] = "\0" * pass.size
  pass = nil
end

fetch_password do |pass|
  # check validity but do not copy/link pass anywhere
end


Guillaume.
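
Added example, not part of either message above: it runs the two approaches from the thread side by side and shows what a caller's reference sees afterwards. SAMPLE, fetch_nil_only, fetch_and_wipe and demo are names made up for this illustration, and the secret is a constructed value.

```ruby
# Constructed sample secret, used only for this illustration.
SAMPLE = "s3cret-constructed"

# Approach 1: the ensure clause only drops the local variable.
# The String object itself is returned untouched to the caller.
def fetch_nil_only
  pass = "".dup
  pass << SAMPLE
  pass
ensure
  pass = nil
end

# Approach 2: hand the secret to a block, then overwrite the object's
# bytes in place. Done byte-wise so multibyte characters are fully covered.
def fetch_and_wipe
  pass = "".dup
  pass << SAMPLE
  yield pass
ensure
  pass.bytesize.times { |i| pass.setbyte(i, 0) } if pass
  pass = nil
end

# Returns what each kind of leftover reference holds after the methods return.
def demo
  returned = fetch_nil_only      # caller keeps the very same object
  aliased = copied = nil
  fetch_and_wipe do |pass|
    aliased = pass               # second reference to the same object
    copied  = pass.dup           # independent copy made inside the block
  end
  { nil_only: returned, aliased: aliased, copied: copied }
end

demo.each { |kind, value| puts "#{kind}: #{value.inspect}" } if $PROGRAM_NAME == __FILE__
```

Setting the local to nil leaves the secret readable through any other reference, the in-place overwrite reaches every alias of the object, and a copy made inside the block escapes the wipe. The overwrite only covers the object's current buffer; anything the interpreter freed earlier while the string grew is outside what this code can clear.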