That's a good point, at most this is going to throw away the previous object, leaving it to be garbage collected later, but I assume that's slightly beyond the scope of what the OP is asking, I think his question is more along the lines of if there's an internal field that is held onto by the object beyond the raw object which will be hanging inside the vm until garbage collected and overwritten by something else..
kris On Thu, Aug 9, 2012 at 1:21 AM, Chandra Mouli <[email protected]> wrote: > I believe setText() would just make the internal text object point to the > new char[] object. But it won't actually zeroize the previous contents in > the memory. In a managed environment like JAVA that's pretty much what you > can do unless the API to fill the actual text array with ZEROs is exposed. > > > On Sun, Aug 5, 2012 at 1:29 AM, Kristopher Micinski <[email protected]> > wrote: >> >> You're not understanding, he's asking if he calls settext, does that clear >> the data, or does the widget keep the old data around somewhere internally. >> I believe the answer is that if you clear with settext then you're fine... >> >> On Aug 4, 2012 3:29 PM, "RichardC" <[email protected]> wrote: >>> >>> That is what I meant - call setText() with some rubbish after you have >>> read it. >>> >>> On Saturday, August 4, 2012 8:02:28 PM UTC+1, Jeffrey Walton wrote: >>>> >>>> On Sat, Aug 4, 2012 at 2:51 PM, RichardC >>>> <[email protected]> wrote: >>>> > How about clearing yourself? You will need to remember you have read >>>> > it so >>>> > you don't re-read the cleared version. >>>> Forgive my ignorance here. I would expect getText to give us a copy of >>>> its internal data; and we can replace the [displayed] text with the >>>> setText method. If I modify the char[] from getText, I don't modify >>>> the internal data unless setText is subsequently called. >>>> >>>> Does the EditText give us access to its private data? >>>> >>>> > On Saturday, August 4, 2012 7:18:51 PM UTC+1, Jeffrey Walton wrote: >>>> >> >>>> >> Hi All, >>>> >> >>>> >> EditText handles text input. We can mask the characters by adding the >>>> >> android:password attribute. >>>> >> >>>> >> We can fetch a copy of the text with getText, and then erase or >>>> >> zeroize the data in the char[] when finished. However, its not clear >>>> >> to me what happens to the EditText's internal data with >>>> >> android:password when the widget is destroyed. Does the EditText >>>> >> behave securely by erasing or zeroizing its internal data? >>>> >> >>>> >> When an application recieves an onPause, I want the EditText to erase >>>> >> or zeroize its internal data (data that I have not yet fetched with >>>> >> getText). Is it possible to instruct the EditText to erase or zeroize >>>> >> its internal data? >>>> >> >>>> >> Or is there another UI control we should be using? >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Android Security Discussions" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/android-security-discuss/-/pkN17H05fuIJ. >>> To post to this group, send email to >>> [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. > > > > > -- > చంద్రమౌళి -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
