commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [VFS] Passing around password as byte[] instead
Date Tue, 09 Jul 2013 00:51:52 GMT
On Mon, Jul 8, 2013 at 7:05 PM, Roger L. Whitcomb <Roger.Whitcomb@actian.com
> wrote:

> Well, that's what .Net did with SecureString, and OpenSSL did as well.
> There is a longer discussion here:
> http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-st
> ring-for-passwords
> that talks more about the pros and cons.
>
> The main reason I bring it up is that, even though it doesn't provide
> *that much* extra security, providing some help at the API levels seems
> better than doing nothing ...  It seems that, even though it provides
> only minimal security, it is *still* considered best practice to zero
> out password fields as soon as possible to minimize the potential
> security risks.
>
> So, seeing that VFS 2.0 is not quite released yet, it seemed like a good
> time to at least raise the question before the API is cast in stone.
>

2.0 has been out for a long time. 2.1 is ready for a release IMO.

Gary


>
> I'd be willing to take a crack at a patch to implement this change if
> there was enough interest.
>
> Thanks,
> ~Roger
>
> -----Original Message-----
> From: Honton, Charles [mailto:Charles_Honton@intuit.com]
> Sent: Monday, July 08, 2013 3:53 PM
> To: Commons Developers List
> Subject: Re: [VFS] Passing around password as byte[] instead
>
> Or maybe a Password class that's tailor designed to obsfucate and zero
> contents...
>
> On 7/8/13 3:23 PM, "sebb" <sebbaz@gmail.com> wrote:
>
> >On 8 July 2013 23:05, Roger L. Whitcomb <Roger.Whitcomb@actian.com>
> wrote:
> >> I had a thought that it would be more secure to pass password data
> >> around in VFS as byte arrays instead of String objects so they could
> >> less easily be found by memory dumpers/scanners.  This would apply
> >> (for
> >> instance) to GenericFileName constructor and access methods, etc.
> >> Obviously, at some point, you have to convert to String (like in
> >> "GenericFileName.appendCredentials"), but it seems like at least some
>
> >> level of obfuscation, as in storing the data as bytes might be useful
>
> >> to increase security.
> >
> >Another reason for using bytes is that the array can be zeroed out - or
>
> >replaced with fake password to fool hackers ;-) - once it has been
> >used.
> >This is not possible with immutable strings.
> >
> >>
> >>
> >> Thoughts?  Thanks.
> >>
> >>
> >>
> >> ~Roger Whitcomb
> >>
> >> Apache Pivot PMC Chair
> >>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >For additional commands, e-mail: dev-help@commons.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message