Just wanted to mention that I've modified the class myself in order to have
the password and passphrase cleared after login.
It seems like a good idea to discard such things if they are not needed
>From: Eric Meek <meek@...>
>Subject: [JSch-users] Password/Passphrase storage in JSch
>Date: Mon, 20 Sep 2004 15:39:16 -0400
>-----BEGIN PGP SIGNED MESSAGE-----
>I am working on a project making use of jsch. Because our team decided not
>to use the provided password/passphrases message boxes, I developed a
>custom message box using a JPasswordField. Since I wasn't interfacing with
>JSch, I didn't realize until then JSch stored passwords/passphrases as
>I really don't like this method of storage since Strings are objects.
>Because of this, I have changed all of the passwords/passphrases to be
>stored as either a byte or char and implemented dispose within the
>UserInfo objects zeroing the password/passphrase. Doing this allows JSch
>to maintain the same security implemented in the JPasswordField with the
>password/passphrase zeroed out when the object is destroyed.
>I have not tested the changes completely, but have tested the changes with
>our application. I would like to see the changes included in the next
>version of JSch so we don't have to patch every new release.
>If anyone is interested in these changes, let me know.
>"It takes less time to do a right thing than it does to explain why you did
>it wrong." - Henry Wadsworth Longfellow
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (Darwin)
>-----END PGP SIGNATURE-----
>This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
>Project Admins to receive an Apple iPod Mini FREE for your judgement on
>who ports your project to Linux PPC the best. Sponsored by IBM.
>Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
>JSch-users mailing list
MSN® Calendar keeps you organized and takes the effort out of scheduling
Start enjoying all the benefits of MSN® Premium right now and get the
first two months FREE*.