Safe Haskell | None |
---|---|
Language | Haskell2010 |
Reading and writing sensitive data.
Synopsis
- withUserPassword :: forall m s r. (MonadIO m, MonadMask m, WithSecureMemory) => Int -> Maybe Text -> (SensitiveBytes s -> m r) -> m r
Documentation
withUserPassword
:: forall m s r. (MonadIO m, MonadMask m, WithSecureMemory) | |
=> Int | Maximum possible length of the password to read (in bytes). |
-> Maybe Text | Prompt (defaults to "Password: "). |
-> (SensitiveBytes s -> m r) | Action to perform with the password. |
-> m r |
Ask the user to enter their password and read it securely.
“Securely” means “following all the best practices”, such as:
- Disable echoing the entered characters back to the terminal.
- Enable some sort of secure input mode, if the OS supports it.
- Store it in a secure region of memory.
Since this function reads the data into securely allocated memory,
which is very expensive to allocate, it needs to know the maximum
possible length of the password to be read.
If the user enters something longer, it will be silently discarded
(similar to readpassphrase on BSD).
In the future it is possible that this limitation will be removed
at the cost of performing multiple expensive allocations.
This function always writes the prompt to stdout and then reads from stdin.
Example:
    -- The string literal prompt is a Text, so OverloadedStrings must be enabled.
    withSecureMemory $ withUserPassword 128 (Just "Enter your password: ") $ \pw -> do
      {- hash the pw or do something else with it -}
      pure ()
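
The behaviour listed above (echo off, a bounded buffer that is locked and wiped, silent truncation as with readpassphrase), sketched with POSIX calls in C as an added example. It is not the library's implementation: `with_password`, `read_bounded_line`, `wipe` and `pw_len` are hypothetical names, and a heap buffer with `mlock` stands in for the library's secure allocator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from fd, storing at most cap bytes; the rest of the line is
 * consumed and silently dropped. Returns bytes stored, or -1 on read error. */
ssize_t read_bounded_line(int fd, unsigned char *buf, size_t cap) {
    size_t n = 0;
    unsigned char c;
    ssize_t r;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        if (n < cap) buf[n++] = c;
    return r < 0 ? -1 : (ssize_t)n;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
void wipe(void *p, size_t len) {
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}
/* Hypothetical consumer: a real one would hash or derive a key from pw. */
int pw_len(const unsigned char *pw, size_t len) { (void)pw; return (int)len; }

/* Prompt on stdout, read from fd with echo off, pass bytes to `use`, wipe. */
int with_password(int fd, size_t max_len, const char *prompt,
                  int (*use)(const unsigned char *, size_t)) {
    unsigned char *buf = malloc(max_len);
    if (buf == NULL) return -1;
    int locked = mlock(buf, max_len) == 0;   /* keep it out of swap if allowed */
    struct termios saved, quiet;
    int tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;    /* typed characters are not echoed */
        tcsetattr(fd, TCSAFLUSH, &quiet);
    }
    fputs(prompt ? prompt : "Password: ", stdout); fflush(stdout);
    ssize_t n = read_bounded_line(fd, buf, max_len);
    if (tty) tcsetattr(fd, TCSAFLUSH, &saved);   /* restore echo before use */
    int rc = n < 0 ? -1 : use(buf, (size_t)n);
    wipe(buf, max_len);                      /* no plaintext left behind */
    if (locked) munlock(buf, max_len);
    free(buf);
    return rc;
}

int main(void) { return with_password(STDIN_FILENO, 128, "Enter your password: ", pw_len) < 0; }
```

The caller cannot tell a truncated password from a complete one, so the maximum length should sit well above any passphrase the application accepts.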