Python In-Memory Data Security Question: Protecting Sensitive Passwords in Memory
Great questions—this is such a critical topic for anyone building apps that handle sensitive credentials like passwords. Let’s walk through each of your concerns clearly:
Absolutely. If an attacker gains access to the host (either via local access or remote code execution that escalates privileges), they have multiple ways to extract passwords from process memory:
- Taking a full memory dump of your Python process (e.g., `procdump` on Windows, `gcore` on Linux) and scanning the dump for plaintext credentials.
- Attaching a debugger to your process to directly inspect memory regions where password variables are stored.
- Injecting malicious code into your process (if they have sufficient permissions) to snoop memory in real time.
Even without admin/root privileges, attackers running code under the same user account as your app can often read your process’s memory on most operating systems—modern isolation mitigations help, but they aren’t foolproof.
Short answer: No. Python doesn’t have any built-in mechanisms to isolate your variables from other processes. When you store a password in a Python string or byte object, it lives in your process’s user-space memory. Any process with the right permissions can access that memory.
Worse, Python strings are immutable—once created, you can’t overwrite their contents in-place. Even if you `del` the variable or reassign it, the underlying memory might not be immediately overwritten (that’s up to the garbage collector), leaving the password lingering where it could be captured. Python also interns small strings, meaning short passwords might be cached in a global pool, making them even harder to fully erase.
Since you can’t fully prevent memory access, focus on minimizing exposure and making retrieval as hard as possible:
- Minimize time in memory: Clear the password from memory the second you’re done using it. For mutable types like `bytearray`, overwrite contents directly:

  ```python
  password = bytearray(b"user_password_here")
  # Use password for validation/hashing...
  # Now erase it in place (assigning a new object would leave the old bytes behind)
  for i in range(len(password)):
      password[i] = 0
  ```

  For immutable strings, use lower-level tools like `ctypes` to overwrite the underlying memory (note: offsets vary by Python version):

  ```python
  import ctypes
  import sys

  password = "user_password_here"
  # Address of the string's character data. For a compact ASCII str in CPython the
  # characters follow the object header, whose size differs between versions
  # (48 bytes on 64-bit CPython 3.11, for example), so derive the offset from the
  # object's own size instead of hard-coding it. CPython-specific; ASCII strings only.
  header = sys.getsizeof(password) - len(password) - 1  # -1 for the trailing NUL
  addr = id(password) + header
  # Overwrite with null bytes. The str object still exists but now holds zeros and a
  # stale cached hash, so do not use it afterwards (e.g. as a dict key).
  ctypes.memset(addr, 0, len(password))
  ```

- Avoid strings for password storage: Use mutable byte types (`bytearray`) whenever possible—they let you overwrite contents without relying on low-level hacks.
- Use secure hashing exclusively: Never store plaintext passwords. Instead, store salted hashes using slow, memory-hard algorithms like Argon2, bcrypt, or PBKDF2. When validating user input, hash the input immediately and compare the hash to the stored one—this way, the plaintext password only exists in memory for the split second it takes to hash it.
- Run with minimal privileges: Launch your app using the least-privileged user account possible. Avoid root/administrator access unless absolutely necessary—this limits an attacker’s reach if they compromise your process.
- Disable core dumps: Configure your OS to prevent core dump files from being generated if your process crashes. On Linux, set `ulimit -c 0` before launching the app; on Windows, disable core dumps via Group Policy or registry settings. Core dumps can contain full process memory, including passwords.
- Enable OS mitigations: Turn on ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to make it harder for attackers to locate and exploit memory containing passwords.
This is an inherent limitation—you can’t use a plaintext password for validation or decryption without loading it into memory at some point. The goal is to reduce exposure and avoid long-term storage:
- Use key derivation instead of plaintext reuse: If you need the password to generate an encryption key, use a KDF (Key Derivation Function) like Argon2 to create the key, then immediately erase the plaintext password. Use the derived key for all cryptographic operations instead of the password itself.
- Leverage hardware security: Use HSMs (Hardware Security Modules) or TPMs (Trusted Platform Modules) to handle sensitive operations. These devices store keys and perform hashing/decryption internally, so the plaintext password never leaves the hardware.
- Use short-lived tokens: If your app needs ongoing access (e.g., to a database), derive a short-lived session key from the password once, discard the password, and renew the session key periodically instead of reusing the password.
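The `bytearray` wiping, hash-then-discard, and derive-a-key-then-erase advice above, combined into one added example (my code, not from the original answer; `SecretBuffer`, `register` and `verify` are names chosen here). It uses the standard library's PBKDF2-HMAC in place of Argon2 and zeroes the mutable buffer in place on exit; the `b"..."` literal a caller builds the bytearray from is itself an immutable copy, which is exactly the hazard the answer describes.

```python
import hashlib
import hmac
import os


# Hypothetical helper for this example (not a standard-library class): holds the
# secret in a bytearray so it can be overwritten in place, and zeroes it on exit.
class SecretBuffer:
    def __init__(self, secret: bytearray):
        if not isinstance(secret, bytearray):
            raise TypeError("pass a bytearray; str/bytes copies cannot be wiped")
        self.buf = secret

    def __enter__(self) -> bytearray:
        return self.buf

    def __exit__(self, *exc) -> bool:
        self.wipe()
        return False  # do not swallow exceptions raised inside the block

    def wipe(self) -> None:
        # Slice assignment overwrites the existing buffer instead of allocating
        # a new object, which would leave the old bytes behind in the heap.
        self.buf[:] = b"\x00" * len(self.buf)


def derive_key(password: bytearray, salt: bytes, iterations: int = 600_000) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library accepts a bytearray directly;
    # Argon2 would be preferable but needs a third-party package.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def register(password: bytearray) -> tuple[bytes, bytes]:
    """Derive a verifier, wipe the plaintext, and return (salt, verifier)."""
    salt = os.urandom(16)
    with SecretBuffer(password) as buf:
        verifier = derive_key(buf, salt)
    return salt, verifier


def verify(candidate: bytearray, salt: bytes, verifier: bytes) -> bool:
    """Check a login attempt; the candidate is wiped whether or not it matches."""
    with SecretBuffer(candidate) as buf:
        computed = derive_key(buf, salt)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(computed, verifier)
```

Only the `bytearray` is wiped: if the password was ever held in a `str` or `bytes` on the way in, that copy still sits in memory until the allocator reuses it, so read credentials straight into a mutable buffer where you can.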
Security here is a layered approach—combine these techniques to make it as difficult as possible for attackers to retrieve passwords from memory.
The question comes from Stack Exchange; question author: Jaime.




