Overwrite memory after sending a request with Reqwest

Is there any way to overwrite sensitive data after sending a post request using the Reqwest library?

Basically, like this example, I would want to clear out the password after the request. However, as far as I can find, the data gets copied into the body no matter what, so the zeroing of the other data doesn't work because there's still a copy I don't have control over.

use reqwest::blocking::Response;
use zeroize::Zeroizing;

pub fn login(username: &str, password: &Zeroizing<String>) -> reqwest::Result<Response> {
    let client = reqwest::blocking::Client::new();
    let json = Zeroizing::new(format!("{{\"username\": \"{}\", \"password\": \"{}\"}}", username, password.as_str()));
    let json_v = Zeroizing::new(Vec::from(json.as_str()));
    // `to_vec()` hands the body a plain copy that is not zeroed on drop.
    client.post("https://myurl.com").body(json_v.to_vec()).header("content-type", "application/json").send()
}

I think you can use https://docs.rs/bytes/1.9.0/bytes/struct.Bytes.html#method.from_owner to create a Bytes struct from Zeroizing<Vec<u8>> and use that as the body.
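A std-only model of the hand-off suggested in the answer above, added here as an example (it is not code from the thread and not the `bytes` or `zeroize` API). `WipeOnDrop`, `SharedBody` and `login_body` are hypothetical stand-ins for `Zeroizing<Vec<u8>>`, a `Bytes` built with `from_owner`, and the payload builder; the point is that sharing one wiping owner avoids the untracked `to_vec()` copy and ties the wipe to the last handle.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::sync::Arc;

/// Hypothetical stand-in for `Zeroizing<Vec<u8>>`: wipes its bytes before freeing.
pub struct WipeOnDrop(Vec<u8>);

impl WipeOnDrop {
    pub fn wipe(&mut self) {
        for b in self.0.iter_mut() {
            // Volatile write: the optimizer may not elide this "dead" store.
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
    pub fn bytes(&self) -> &[u8] { &self.0 }
}

impl Drop for WipeOnDrop {
    fn drop(&mut self) { self.wipe(); }
}

/// Hypothetical stand-in for a `Bytes` built with `from_owner`: clones share one
/// allocation, and the owner's `Drop` (the wipe) runs when the last clone goes.
#[derive(Clone)]
pub struct SharedBody(Arc<WipeOnDrop>);

impl SharedBody {
    pub fn from_owner(owner: WipeOnDrop) -> Self { SharedBody(Arc::new(owner)) }
    pub fn as_slice(&self) -> &[u8] { self.0.bytes() }
    pub fn handles(&self) -> usize { Arc::strong_count(&self.0) }
}

/// Assemble the JSON in the wiping buffer, sized up front so `Vec` never
/// reallocates. Like the code in the question, this does no JSON escaping.
pub fn login_body(username: &str, password: &str) -> SharedBody {
    let parts: [&[u8]; 5] = [b"{\"username\": \"", username.as_bytes(),
        b"\", \"password\": \"", password.as_bytes(), b"\"}"];
    let mut buf = Vec::with_capacity(parts.iter().map(|p| p.len()).sum::<usize>());
    for p in parts { buf.extend_from_slice(p); }
    SharedBody::from_owner(WipeOnDrop(buf))
}

fn main() {
    let body = login_body("alice", "constructed-password"); // constructed sample values
    let in_flight = body.clone(); // the handle a client would hold while sending
    assert_eq!(body.as_slice().as_ptr(), in_flight.as_slice().as_ptr()); // no copy
    drop(in_flight);
    println!("{} handle left; the wipe runs when it drops", body.handles());
}
```

This covers only the buffer it owns; any copy an HTTP client makes while serialising the request is outside its control.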

Thanks, but unfortunately I can't seem to get that to work either, and there's also the problem of the entire post request as a string sitting in memory, so I'm thinking reqwest just isn't suitable for this kind of thing.
