Secure data erasure
The secure data erasure helpers are defined in wil/resource.h as part of the RAII resource wrappers library.
Some components handle sensitive data, such as passwords, that should be scrubbed from memory when no longer needed. To guarantee the necessary calls to SecureZeroMemory in the face of early returns and exceptions, WIL provides the following helpers:
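// Erase a given buffer when the returned variable goes out of scope.
// The second argument is the size in bytes, so use sizeof rather than an element count.
auto zeroBuffer = wil::SecureZeroMemory_scope_exit(buffer, sizeof(buffer));
// Erase the value of the following string when the returned variable goes out of scope.
// The string's length is measured at this call, so it must already hold its value.
auto zeroString = wil::SecureZeroMemory_scope_exit(passwordString);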
Similarly, you can use some wistd::unique_ptr<T> specializations to hold allocated objects that are securely zeroed, such as unique_cotaskmem_secure_ptr.
Through WIL's STL header (wil\stl.h) you also get access to wil::secure_allocator, which you can plug into any STL collection, or you can use one of the existing typedefs that already do this (wil::secure_vector, wil::secure_wstring, wil::secure_string).
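The guarantee behind the scope-exit helpers, shown as an added example that is not WIL code: a portable guard wipes a caller-owned buffer on normal return, early return, and exception, and the last case shows what is left behind when an element count is passed where a byte count is expected. The names `secure_zero`, `zero_on_exit`, `use_secret` and `wiped_after` are hypothetical stand-ins, and the secret is a constructed sample.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>

// Portable stand-in for SecureZeroMemory: volatile stores are not optimized away.
inline void secure_zero(void* p, std::size_t bytes) {
    volatile unsigned char* b = static_cast<volatile unsigned char*>(p);
    while (bytes--) *b++ = 0;
}

// Hypothetical guard (not WIL code): wipes `bytes` bytes at `ptr` on scope exit.
class zero_on_exit {
public:
    zero_on_exit(void* ptr, std::size_t bytes) : ptr_(ptr), bytes_(bytes) {}
    ~zero_on_exit() { secure_zero(ptr_, bytes_); }
    zero_on_exit(const zero_on_exit&) = delete;
    zero_on_exit& operator=(const zero_on_exit&) = delete;
private:
    void* ptr_;
    std::size_t bytes_;
};

enum class exit_path { normal, early_return, exception };
constexpr std::size_t kChars = 16;

// Puts a constructed secret in the caller's buffer, then leaves by the chosen path.
bool use_secret(wchar_t (&scratch)[kChars], std::size_t wipe_bytes, exit_path path) {
    zero_on_exit wipe(scratch, wipe_bytes);
    std::memcpy(scratch, L"hunter2-sample", sizeof(L"hunter2-sample"));
    if (path == exit_path::early_return) return false;
    if (path == exit_path::exception) throw std::runtime_error("constructed failure");
    return true;
}

// True when no part of the secret survives in the buffer after use_secret exits.
bool wiped_after(exit_path path, std::size_t wipe_bytes) {
    wchar_t scratch[kChars] = {};
    try { use_secret(scratch, wipe_bytes, path); } catch (const std::runtime_error&) {}
    for (wchar_t c : scratch) if (c != 0) return false;
    return true;
}

int main() {
    const std::size_t bytes = kChars * sizeof(wchar_t);
    std::printf("normal=%d early=%d throw=%d count-as-size=%d\n",
        wiped_after(exit_path::normal, bytes), wiped_after(exit_path::early_return, bytes),
        wiped_after(exit_path::exception, bytes), wiped_after(exit_path::normal, kChars));
}
```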