Actually, after writing that I realized I'd just reinvented storable vectors, and that the entire API can really be summed up by just a pair of functions for converting `ByteString`s with `Vector Word8`s:<div><br></div><div><a href="http://www.stackage.org/haddock/nightly-2015-01-12/mono-traversable-0.7.0/Data-ByteVector.html">http://www.stackage.org/haddock/nightly-2015-01-12/mono-traversable-0.7.0/Data-ByteVector.html</a><br><br><div class="gmail_quote">On Mon Jan 12 2015 at 6:02:06 AM David Feuer <<a href="mailto:david.feuer@gmail.com">david.feuer@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In fact, it looks like Michael Snoyman has done some work on this<br>
already: <a href="https://www.fpcomplete.com/user/chad/snippets/random-code-snippets/mutable-bytestring" target="_blank">https://www.fpcomplete.com/<u></u>user/chad/snippets/random-<u></u>code-snippets/mutable-<u></u>bytestring</a><br>
Perhaps he could be convinced to finish/release it.<br>
<br>
David<br>
<br>
On Sun, Jan 11, 2015 at 10:48 PM, David Feuer <<a href="mailto:david.feuer@gmail.com" target="_blank">david.feuer@gmail.com</a>> wrote:<br>
> -1. Breaking referential transparency is completely unnecessary here.<br>
> The correct way to accomplish this, I believe, is to add a mutable<br>
> ByteString interface, and then a SecureByteString module wrapping it<br>
> and actually making the promises you want.<br>
><br>
> On Sun, Jan 11, 2015 at 10:42 PM, Erik de Castro Lopo<br>
> <<a href="mailto:mle%2Bhs@mega-nerd.com" target="_blank">mle+hs@mega-nerd.com</a>> wrote:<br>
>> Discussion period: one month<br>
>><br>
>> When handling sensitive information (like a user's password) it is<br>
>> desirable to only keep the data around for as short a time as possible.<br>
>> Specifically, relying on the garbage collector to clean it up is simply<br>
>> not good enough.<br>
>><br>
>> I therefore propose that the following function to be added to the<br>
>> Data.ByteString.Unsafe module:<br>
>><br>
>> -- | Overwrites the contents of a ByteString with \0 bytes.<br>
>> unsafeWipe :: ByteString -> IO ()<br>
>> unsafeWipe bs =<br>
>> BS.unsafeUseAsCStringLen bs $ \(ptr, len) -><br>
>> let go i<br>
>> | i < 0 = return ()<br>
>> | otherwise = pokeElemOff ptr i 0 >> go (i - 1)<br>
>> in go (len - 1)<br>
>><br>
>> It is added to the Unsafe module because it break referential transparency<br>
>> but since ByteStrings are always kept in pinned memory, it should not<br>
>> otherwise be considered unsafe.<br>
>><br>
>> It could be used as follows:<br>
>><br>
>> main = do<br>
>> passwd <- getPassword<br>
>> doSomethingWith passwd<br>
>> unsafeWipe passwd<br>
>> restOfProgram<br>
>><br>
>><br>
>> Cheers,<br>
>> Erik<br>
>> --<br>
>> ------------------------------<u></u>------------------------------<u></u>----------<br>
>> Erik de Castro Lopo<br>
>> <a href="http://www.mega-nerd.com/" target="_blank">http://www.mega-nerd.com/</a><br>
>> ______________________________<u></u>_________________<br>
>> Libraries mailing list<br>
>> <a href="mailto:Libraries@haskell.org" target="_blank">Libraries@haskell.org</a><br>
>> <a href="http://www.haskell.org/mailman/listinfo/libraries" target="_blank">http://www.haskell.org/<u></u>mailman/listinfo/libraries</a><br>
</blockquote></div></div>