Menu
▾
▴
Re: [xPG] cryptix-openpgp and OptionsTable()
|
From: Ingo L. <in...@bl...> - 2001-10-06 16:36:21
|
Hi Ruben, On Sat, Oct 06, 2001 at 11:49:49AM +0200, Ruben Malchow wrote: > 8. anbei bisserl doofer dialog + testapp (hihi). I looked at the code and one issue is that you are using Strings. This is quite natural as text-input boxes in Swing return Strings but in this special case, it has the problem that Strings are immutable. Therefore, the can't be overwritten after usage and the passphrase will be left lying around in memory somewhere. As the passphrase is quite sensitive and must not be leaked, special handling is needed. I would recommend implementing a special text-input component that writes its input into a dynamically allocated char array. KeyStore expects its input as a char-Array and the array can be overwritten with 0 after usage. You can do that by hooking into the Keyboard event processing, check out JTextComponent. Another issue is about the method naming. I would recommend following the Java Beans naming guidelines as that will make the component easier to use in GUI builders. For example, instead of "hideTyping" and "checkHideTyping" you would provide "setHideTyping(boolean)" and "isHideTyping" (or maybe correct the grammar ;-) Check out the JavaBeans introduction (can be found in the JDK documentation) for more information. Ingo |
