From: Eric Meek <meek@cs...> - 2004-09-20 19:39:33
-----BEGIN PGP SIGNED MESSAGE-----
I am working on a project making use of jsch. Because our team decided
not to use the provided password/passphrases message boxes, I developed
a custom message box using a JPasswordField. Since I wasn't
interfacing with JSch, I didn't realize until then JSch stored
passwords/passphrases as Strings.
I really don't like this method of storage since Strings are objects.
Because of this, I have changed all of the passwords/passphrases to be
stored as either a byte or char and implemented dispose within the
UserInfo objects zeroing the password/passphrase. Doing this allows
JSch to maintain the same security implemented in the JPasswordField
with the password/passphrase zeroed out when the object is destroyed.
I have not tested the changes completely, but have tested the changes
with our application. I would like to see the changes included in the
next version of JSch so we don't have to patch every new release.
If anyone is interested in these changes, let me know.
"It takes less time to do a right thing than it does to explain why you
did it wrong." - Henry Wadsworth Longfellow
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----