Usage of memset to eradicate string content
Arnaud Versini
arnaud.versini at gmail.com
Thu Aug 23 12:00:53 PDT 2012
Hi everyone,
I noticed in the code some annihilation of O[U]String content by using
memset or rtl_zeroMemory directly on the content as a password security. It
breaks encapsulation and the string immutability, not so good. I think
there is four possibilities, in order of my personal preference ;-) :
1. Don't eradicate the string content, the content remain in RAM until
the string deletion and a new allocation of the area
2. Add a O[U]String eradicator for the password annihilation, better
encapsulation of the String
3. Use a modifiable StringBuffer or a char array like in Java for
JPasswordField and eradicate its content
4. Keep memset in the code
Thanks in advance for the clarification, I will do this after removing
rtl/memory.h internal usage task.
--
Arnaud Versini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120823/62354ab9/attachment.html>
More information about the LibreOffice
mailing list