Clear contents of sensitive header values on drop #662
I don't think this is currently something we should try to promise. The point of the sensitive flag is as a hint so the value does not get stored in the h2/h3 dynamic table. It's not meant to be a comprehensive secret container.

I don't mean this as an explicit promise, more as a "better safe than sorry" implementation detail. An alternative is to still try to get
Since sensitive data can be stored in headers (i.e. credentials in an `Authorization` header), it would be nice for the value to be "zero-ed out" when they are dropped so as to not leave their data in memory. This is difficult as `HeaderValue` stores its contents in `Bytes`, but I think it would be possible to add a `try_as_mut(&mut self) -> Option<&mut [u8]>` method to `Bytes` to accomplish this.

I am fully willing to implement this myself, and have already started work towards that in tokio-rs/bytes#643, but I thought it good to make sure this goal is something you'd be interested in before continuing.
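
Added example, not code from the `http` or `bytes` crates: the zero-on-drop idea from this issue using only the standard library, with `Arc<Vec<u8>>` standing in for `Bytes` and `Arc::get_mut` standing in for the proposed `try_as_mut`. The names `SensitiveValue`, `share` and `wipe` are hypothetical, and the token is a constructed sample.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::sync::Arc;

/// Stand-in for a header value backed by a shared, reference-counted buffer.
/// `Arc<Vec<u8>>` plays the role of `Bytes` (assumption for illustration).
pub struct SensitiveValue {
    buf: Arc<Vec<u8>>,
}

impl SensitiveValue {
    pub fn new(secret: &[u8]) -> Self {
        SensitiveValue { buf: Arc::new(secret.to_vec()) }
    }

    /// Cheap clone that shares the same allocation, like cloning `Bytes`.
    pub fn share(&self) -> Self {
        SensitiveValue { buf: Arc::clone(&self.buf) }
    }

    pub fn as_bytes(&self) -> &[u8] {
        &self.buf
    }

    /// Analogue of the proposed `try_as_mut`: mutable access only when this
    /// handle is the sole owner of the allocation.
    fn try_as_mut(&mut self) -> Option<&mut [u8]> {
        Arc::get_mut(&mut self.buf).map(|v| v.as_mut_slice())
    }

    /// Overwrite the bytes with zeros if no other handle exists.
    /// Returns true when the buffer was cleared.
    pub fn wipe(&mut self) -> bool {
        let Some(bytes) = self.try_as_mut() else { return false };
        for b in bytes.iter_mut() {
            // Volatile store so the write is not removed as a dead store.
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
        true
    }
}

impl Drop for SensitiveValue {
    fn drop(&mut self) {
        // Best effort: only the last remaining handle can clear the bytes.
        self.wipe();
    }
}
```

While any clone is alive the secret stays in memory, and only the last handle dropped clears it. Copies made elsewhere, such as I/O buffers, are not covered by this.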