Hi everyone, I noticed in the code some annihilation of O[U]String content by using memset or rtl_zeroMemory directly on the content as a password security. It breaks encapsulation and the string immutability, not so good. I think there is four possibilities, in order of my personal preference ;-) :
1. Don't eradicate the string content, the content remain in RAM until the string deletion and a new allocation of the area 2. Add a O[U]String eradicator for the password annihilation, better encapsulation of the String 3. Use a modifiable StringBuffer or a char array like in Java for JPasswordField and eradicate its content 4. Keep memset in the code Thanks in advance for the clarification, I will do this after removing rtl/memory.h internal usage task. -- Arnaud Versini
_______________________________________________ LibreOffice mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice
