开发者

How do I securely wipe a file / directory in Python?

开发者 https://www.devze.com 2023-01-04 16:47 出处:网络
Is there any module which provides somehow ba开发者_如何学Csic \"secure\" deletion, sth. like the Linux utility \"wipe\", e.g.

Is there any module which provides somehow ba开发者_如何学Csic "secure" deletion, sth. like the Linux utility "wipe", e.g.

import securitystuff

securitystuff.wipe( filename )

I need to protect company source code which should not be easily retrievable anymore.

P.S. Yes I know "wipe" is not perfect, e.g. on journalling filesystem. But the security demand is not tooo high.


There is no such function in standard library and a naive implementation which overwrites each byte of file with a random byte is not too difficult to do e.g.

 f = open(path, "wb")
 f.write("*"*os.path.getsize(path))
 f.close()
 os.unlink(path)

But as suggested in thread http://mail.python.org/pipermail/python-list/2004-September/899488.html this doesn't guarantee wiping due to many reasons, e.g. disk cache, remapping of disk sectors etc etc

So instead of implementing your own wipe easiest would be to call linux wipe from python.

Alternate option is to use srm


def secure_delete(path, random_fill=True, null_fill=True, passes=3):
    """
    securely delete a file by passing it through both random and null filling
    """
    files = os.listdir(path)
    for i, f in enumerate(files):
        files[i] = "{}/{}".format(path, f)
    for item in files:
        with open(item, "wr") as data:
            length = data.tell()
            if random_fill:
                for _ in xrange(passes):
                    data.seek(0)
                    data.write(os.urandom(length))
            if null_fill:
                for _ in xrange(passes):
                    data.seek(0)
                    data.write("\x00" * length)
        os.remove(item)

Note this will wipe the file to the point that it will be virtually impossible to recover with a standard system, but this is not going to stop someone who really wants your data from recovering the file. You might be able to implement it with the above answer to make it more secure.

0

精彩评论

暂无评论...
验证码 换一张
取 消