Re: [Passwordsafe-devel] SecString class
From: Jim R. <jru...@us...> - 2002-03-01 01:38:20
> A few weeks ago, ignorant of this list, I emailed Jim Russell about a
> problem with the PWSafe source. I noticed the SecString class at that
> time was subclassing std::string, which is a big no-no since std::string
> has no virtual destructor. In some instances, this can lead to the
> SecString destructor never being called, and hence the memory buffer
> with the SecString contents never getting cleared.

I should point out to the list what I mentioned to Edward when he wrote me. First, SecString is experimental code that is *not* currently being used by the Win32 Password Safe executable. It is basically "notes to myself", and may or may not compile as is. We are looking for ways to free PWSafe from the CString class of MFC. Second, the 'string' class that I was inheriting from in my experiments is my own 'stl-like' string class, whose destructor is virtual.

Okay, disclaimers out of the way, Edward makes an excellent point. Any "secure string" class that gets used here should do its security magic with its own allocator. Edward, thanks for following up on that, and I too will take a look at Denis Bider's code.

The current PWSafe code (the real code that goes in the build) does multiple overwrites, but doesn't go to the kind of extremes that Peter Gutmann recommends in his excellent paper whose title I have forgotten at the moment.

By the way, apologies to all for my quietness here of late. I've been a victim of the current economic climate (translation -- I'm job hunting), and I'm doing hourly consulting to pay the mortgage. I've been hacking at PWSafe, but I've let updates to the sourceforge page slide. I'm going to try to rectify that in the next few days.

Jim R
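The allocator approach raised in the message above, as an added example that is not part of the original e-mail or the Password Safe source: the wipe lives in `deallocate`, so it runs whenever a buffer is released and does not depend on a derived-class destructor. `ZeroizingAllocator`, `secure_wipe`, `g_wiped_bytes` and `wiped_during_lifetime` are hypothetical names, `SecString` here is only an alias, and the wipe is a single zero pass rather than the multiple overwrites the message mentions.

```cpp
#include <cstddef>
#include <new>
#include <string>

static std::size_t g_wiped_bytes = 0;   // bookkeeping for this demo only

// Overwrite through a volatile pointer so the stores are not optimized away.
inline void secure_wipe(void* p, std::size_t len) noexcept {
    volatile unsigned char* b = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < len; ++i) b[i] = 0;
    g_wiped_bytes += len;
}

template <class T>
struct ZeroizingAllocator {
    using value_type = T;
    ZeroizingAllocator() noexcept = default;
    template <class U>
    ZeroizingAllocator(const ZeroizingAllocator<U>&) noexcept {}
    T* allocate(std::size_t n) {
        return static_cast<T*>(::operator new(n * sizeof(T)));
    }
    // Called for every buffer the string gives up, including the old
    // buffer left behind when the string grows and reallocates.
    void deallocate(T* p, std::size_t n) noexcept {
        secure_wipe(p, n * sizeof(T));
        ::operator delete(p);
    }
};
template <class T, class U>
bool operator==(const ZeroizingAllocator<T>&, const ZeroizingAllocator<U>&) noexcept { return true; }
template <class T, class U>
bool operator!=(const ZeroizingAllocator<T>&, const ZeroizingAllocator<U>&) noexcept { return false; }

// An alias, not a subclass: there is no derived destructor to be skipped.
using SecString = std::basic_string<char, std::char_traits<char>, ZeroizingAllocator<char>>;

// Returns how many bytes were wiped while one secret lived and died.
std::size_t wiped_during_lifetime() {
    const std::size_t before = g_wiped_bytes;
    {
        SecString pw(40, 'x');   // constructed sample secret, heap-backed
        pw.append(200, 'y');     // growth releases (and wipes) the old buffer
    }                            // destruction wipes the final buffer
    return g_wiped_bytes - before;
}
```

Strings short enough to fit the implementation's small-string buffer are stored inside the string object and never reach the allocator, so this wipe does not cover them.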