Hi everyone,
I noticed in the code some annihilation of O[U]String content by using
memset or rtl_zeroMemory directly on the content as a password security. It
breaks encapsulation and the string immutability, not so good. I think
there is four possibilities, in order of my personal preference ;-) :
1. Don't eradicate the string content, the content remain in RAM until
the string deletion and a new allocation of the area
2. Add a O[U]String eradicator for the password annihilation, better
encapsulation of the String
3. Use a modifiable StringBuffer or a char array like in Java for
JPasswordField and eradicate its content
4. Keep memset in the code
Thanks in advance for the clarification, I will do this after removing
rtl/memory.h internal usage task.
--
Arnaud Versini
Context
- Usage of memset to eradicate string content · Arnaud Versini
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.