On 03/03/09 14:31, "Christiaan Hofman" <cmhof...@gmail.com> wrote:
> On 3 Mar 2009, at 11:24 PM, Maxwell, Adam R wrote:
>
>> Is the user's password now stored as a plaintext ivar? I only gave a
>> cursory look at the diffs on sourceforge, so could have missed
>> something.
>> Anyway, I used class methods for the password API so it would be
>> obvious that no state should be stored. It's bad enough that it's
>> passed around unencrypted as an argument, but I couldn't come up
>> with a way to avoid that...
>
> Is that accessible? Then how does the textfield do it? It should have
> an ivar.

Storing a password in memory beyond the absolute minimum time required is
just bad practice:

http://developer.apple.com/DOCUMENTATION/Security/Conceptual/SecureCodingGuide/Articles/DevSecSoftware.html#//apple_ref/doc/uid/TP40002495

_______________________________________________
Bibdesk-develop mailing list
Bibdesk-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bibdesk-develop