I is cast in stone.
>>
>> 2.0 has been out for a long time. 2.1 is ready for a release IMO.
>>
>> Gary
>>
>>
>>>
>>> I'd be willing to take a crack at a patch to implement this change if
>>> there was enough interest.
>>>
>>>
gt;
> ~Roger Whitcomb
>
> -Original Message-
> From: Gary Gregory [mailto:garydgreg...@gmail.com]
> Sent: Monday, July 08, 2013 5:52 PM
> To: Commons Developers List
> Subject: Re: [VFS] Passing around password as byte[] instead
>
> On Mon, Jul 8, 2013 at 7:05 PM, Roger L.
Yes, 2.1 was what I meant...
~Roger Whitcomb
-Original Message-
From: Gary Gregory [mailto:garydgreg...@gmail.com]
Sent: Monday, July 08, 2013 5:52 PM
To: Commons Developers List
Subject: Re: [VFS] Passing around password as byte[] instead
On Mon, Jul 8, 2013 at 7:05 PM, Roger L
> I'd be willing to take a crack at a patch to implement this change if
> > there was enough interest.
> >
> > Thanks,
> > ~Roger
> >
> > -----Original Message-
> > From: Honton, Charles [mailto:charles_hon...@intuit.com]
> > Sent: Monday, Jul
les_hon...@intuit.com]
> Sent: Monday, July 08, 2013 3:53 PM
> To: Commons Developers List
> Subject: Re: [VFS] Passing around password as byte[] instead
>
> Or maybe a Password class that's tailor designed to obsfucate and zero
> contents...
>
> On 7/8/13 3:23 PM, "se
ssage-
From: Honton, Charles [mailto:charles_hon...@intuit.com]
Sent: Monday, July 08, 2013 3:53 PM
To: Commons Developers List
Subject: Re: [VFS] Passing around password as byte[] instead
Or maybe a Password class that's tailor designed to obsfucate and zero
contents...
On 7/8/13 3:23 PM, &
Or maybe a Password class that's tailor designed to obsfucate and zero
contents...
On 7/8/13 3:23 PM, "sebb" wrote:
>On 8 July 2013 23:05, Roger L. Whitcomb wrote:
>> I had a thought that it would be more secure to pass password data
>> around in VFS as byte arrays instead of String objects so
I would expect char[] or byte[] to be just as easily recognizable. People
have used them to store passwords because those data types can be zero'd
out; whereas, String is immutable and references are kept by the intern
mechanism of String. If the char[] or byte[] is ever converted to a String
(or o
I've seen char[] used for passwords instead of String, but not byte[]. As
soon as you use a byte[] for a String you need to track an encoding as
well.
Gary
On Mon, Jul 8, 2013 at 6:05 PM, Roger L. Whitcomb wrote:
> I had a thought that it would be more secure to pass password data
> around in
Also worth noting: an extensively developed [Citation Needed], open source,
java obfu tool (proguard) considers even proper String encryption to have
such little value as to not include it.
http://proguard.sourceforge.net/#FAQ.html
On Mon, Jul 8, 2013 at 6:26 PM, Mark Thomas wrote:
> "Roger L.
"Roger L. Whitcomb" wrote:
>I had a thought that it would be more secure to pass password data
>around in VFS as byte arrays instead of String objects so they could
>less easily be found by memory dumpers/scanners. This would apply (for
>instance) to GenericFileName constructor and access method
On 8 July 2013 23:05, Roger L. Whitcomb wrote:
> I had a thought that it would be more secure to pass password data
> around in VFS as byte arrays instead of String objects so they could
> less easily be found by memory dumpers/scanners. This would apply (for
> instance) to GenericFileName constr
I had a thought that it would be more secure to pass password data
around in VFS as byte arrays instead of String objects so they could
less easily be found by memory dumpers/scanners. This would apply (for
instance) to GenericFileName constructor and access methods, etc.
Obviously, at some point,
13 matches
Mail list logo
