Main changes of patch:
SecureEdit now used ProtectedStrings rather than its own internal classes, I removed the ToUtf8 / GetAsString, technically these could be added back in (just calling the protected string functiosn) for plugins, and should just be marked depreceated to throw up warnings. This will encourage plugins to move to getting the ProtectedString as they then may also not need to decrypt it.
ProtectedString - Allow copying another ProtectedString without actually decrypting the other string. Allow comparing to another secure string (does require decrypting the strings a byte at a time for securestrings, but a bit better than just straight up decrypting the entire string into managed memory). Added RemoveInsert to be able to manipulate a ProtectedString (needed for SecureEdit). Finally modified ReadXorredString, to not just decrypt the entire securestring into a byte array for outputting.
XorredBuffer - Added Copy and Equals. Both which do so without decrypting the string, Copy does result in both strings having the same xor key, this could be changed is a cryptosource was passed in, but I am not sure its overly needed.
The primary goal is to avoid decrypting protected strings whenever possible. Now the only time a string is decrypted is when its actually going to be used. There is one exception to this, and thats the quality calculator. Personally I believe this feature should be changed to be an option rather than always done, as it does cause it to be decrypted into memory and some people may not find it necessary.
One of the ClipboardCopy methods wasn't checking policy prior to trying to copy, rather than checking later. Added a check in (MainForm.cs), this prevents the password from being decrypted if not allowed anyway.
I found was there was no decent way to properly track database changes (primarily only when the database was saved). To solve this I improved the touch functionality, ensuring that the Group always gets notified on child edits. (One can subscribe to the root group and get updates any time an entry is touched).
Log in to post a comment.