I believe setText() would just make the internal text object point to the new char[] object. But it won't actually zeroize the previous contents in the memory. In a managed environment like JAVA that's pretty much what you can do unless the API to fill the actual text array with ZEROs is exposed.
On Sun, Aug 5, 2012 at 1:29 AM, Kristopher Micinski <[email protected]>wrote: > You're not understanding, he's asking if he calls settext, does that clear > the data, or does the widget keep the old data around somewhere internally. > I believe the answer is that if you clear with settext then you're fine... > On Aug 4, 2012 3:29 PM, "RichardC" <[email protected]> wrote: > >> That is what I meant - call setText() with some rubbish after you have >> read it. >> >> On Saturday, August 4, 2012 8:02:28 PM UTC+1, Jeffrey Walton wrote: >>> >>> On Sat, Aug 4, 2012 at 2:51 PM, RichardC <richard.critten@googlemail.** >>> com <[email protected]>> wrote: >>> > How about clearing yourself? You will need to remember you have read >>> it so >>> > you don't re-read the cleared version. >>> Forgive my ignorance here. I would expect getText to give us a copy of >>> its internal data; and we can replace the [displayed] text with the >>> setText method. If I modify the char[] from getText, I don't modify >>> the internal data unless setText is subsequently called. >>> >>> Does the EditText give us access to its private data? >>> >>> > On Saturday, August 4, 2012 7:18:51 PM UTC+1, Jeffrey Walton wrote: >>> >> >>> >> Hi All, >>> >> >>> >> EditText handles text input. We can mask the characters by adding the >>> >> android:password attribute. >>> >> >>> >> We can fetch a copy of the text with getText, and then erase or >>> >> zeroize the data in the char[] when finished. However, its not clear >>> >> to me what happens to the EditText's internal data with >>> >> android:password when the widget is destroyed. Does the EditText >>> >> behave securely by erasing or zeroizing its internal data? >>> >> >>> >> When an application recieves an onPause, I want the EditText to erase >>> >> or zeroize its internal data (data that I have not yet fetched with >>> >> getText). Is it possible to instruct the EditText to erase or zeroize >>> >> its internal data? >>> >> >>> >> Or is there another UI control we should be using? >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/pkN17H05fuIJ. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- చంద్రమౌళి -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
