You are viewing an older version of the site. Click here to view
the latest version of this page. (This may be a dead link, if so, try the root page of the docs
here.)
== secure_string ==
string |- ! scope="row" | Throws | [[../objects/ms.lang.FormatException|ms.lang.FormatException]] |- ! scope="row" | Since | 3.3.2 |- ! scope="row" | Restricted |
Copy Code
The output would be:
Copy Code
The output would be:
Copy Code
The output would be:
Copy Code
The output would be:
Constructs a secure_string from a given char array or string.
=== Vital Info ===
{| style="width: 40%;" cellspacing="1" cellpadding="1" border="1" class="wikitable"
|-
! scope="col" width="20%" |
! scope="col" width="80%" |
|-
! scope="row" | Name
| secure_string
|-
! scope="row" | Returns
| secure_string
|-
! scope="row" | Usages
| charArraystring |- ! scope="row" | Throws | [[../objects/ms.lang.FormatException|ms.lang.FormatException]] |- ! scope="row" | Since | 3.3.2 |- ! scope="row" | Restricted |
No
|-
! scope="row" | Optimizations
| None
|}A secure_string is a string which cannot normally be toString'd, and whose underlying representation is encrypted in memory. This should be used for storing passwords or other sensitive data which should in no cases be stored in plain text. Since this extends string, it can generally be used in place of a string, and when done so, cannot accidentally be exposed (via logs or exception messages, or other accidental exposure) unless it is specifically instructed to decrypt and switch to a char array. While this cannot by itself ensure security of the value, it can help prevent most accidental exposures of data by intermediate code. When exported as a string (or imported as a string) other code must be written to ensure safety of those systems. It is recommended that a secure value never be stored as a string, however, this method accepts a string for compatibility reasons.
=== Usages ===
secure_string(charArray)
secure_string(string)=== Examples === ====Example 1==== Demonstrates secure value Given the following code:
msg(secure_string("test"));
Copy Code1 {{function|msg}}({{function|secure_string}}("test"));
**secure string**====Example 2==== Demonstrates common usage Given the following code:
secure_string @secure = secure_string(array('p','a','s','s'));
msg(@secure); // Won't print the actual password to screen
msg(decrypt_secure_string(@secure)); // Prints the actual password (as a char array)
Copy Code1 {{object|secure_string}} @secure = {{function|secure_string}}({{function|array}}('p','a','s','s'));
2 {{function|msg}}(@secure); // Won't print the actual password to screen
3
4 {{function|msg}}({{function|decrypt_secure_string}}(@secure)); // Prints the actual password (as a char array)
**secure string**
{p, a, s, s}
====Example 3====
Demonstrates compatibility with other functions
Given the following code:
@profile = array(
user: 'username',
password: secure_string('password')
);
msg(@profile);
Copy Code1 @profile = {{function|array}}(
2 user: 'username',
3 password: {{function|secure_string}}('password')
4 );
5 {{function|msg}}(@profile);
{password: **secure string**, user: username}
====Example 4====
Demonstrates compatibility with string class
Given the following code:
string @sec = secure_string('password'); // Not an error, because secure_string extends string
msg(decrypt_secure_string(@sec));
Copy Code1 {{object|string}} @sec = {{function|secure_string}}('password'); // Not an error, because secure_string extends string
2
3 {{function|msg}}({{function|decrypt_secure_string}}(@sec));
{p, a, s, s, w, o, r, d}
===See Also===
[[API/functions/decrypt_secure_string.html|decrypt_secure_string]]Find a bug in this page? Edit this page yourself, then submit a pull request. (Note this page is automatically generated from the documentation in the source code.)
