In article <[EMAIL PROTECTED]>,
 Alvin <[EMAIL PROTECTED]> wrote:

> txtPasswd->value("XXXXXXXXXXXXXXXXXXXXXXXX");
> txtPasswd->value(NULL);
> 
> By looking at the addresses of the value_ and buffer members, this seems to
> do the trick.

Mmmh. I think horizontal scrolling copies the buffer around in some 
temporary buffers too, so _that_ zeroing would be partial.

Memory is cleared by the OS upon allocation anyway. Memory is also 
copied around the swap too, unless you take measures to force the memory 
to be wired. And then again, if you need to pass the password to another 
process, all that kind of handling is almost pointless. There are too 
many places where your password was actually copied and maybe still 
visible.

> Now that I'm looking at the code again, is this actually correct? Or is
> there another procedure I should be using instead like storing the
> value() as a non-const and manipulating its contents. Something like:

If you handle the password yourself, in your code only, force memory 
mapping and disable X event handling that could capture keypresses 
(coupled with a special exclusive keyboard driver), _then_ I suggest to 
take some small effort and implement a secure input control yourself :).

_______________________________________________
fltk mailing list
[email protected]
http://lists.easysw.com/mailman/listinfo/fltk
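
The reply's points about wiring memory so it is not swapped and about zeroing a password buffer, shown as an added example that is not part of the original message or of FLTK. It assumes a POSIX system; `secure_wipe` and `LockedSecret` are hypothetical names, and the code protects only the application's own copy of the secret, not copies held by the widget, the toolkit or the X server.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstring>

// Writes go through a volatile pointer so the optimizer cannot drop the wipe as a dead store.
static void secure_wipe(void *p, std::size_t n) {
    volatile unsigned char *v = static_cast<volatile unsigned char *>(p);
    while (n--) *v++ = 0;
}

// Hypothetical helper: one anonymous page, wired with mlock() so it is not swapped out.
class LockedSecret {
public:
    LockedSecret() {
        long ps = sysconf(_SC_PAGESIZE);
        size_ = ps > 0 ? static_cast<std::size_t>(ps) : 4096;
        void *m = mmap(nullptr, size_, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (m == MAP_FAILED) return;
        buf_ = static_cast<char *>(m);
        locked_ = (mlock(buf_, size_) == 0);  // may fail under RLIMIT_MEMLOCK; check locked()
    }
    ~LockedSecret() {
        if (!buf_) return;
        secure_wipe(buf_, size_);             // wipe before the page goes back to the OS
        if (locked_) munlock(buf_, size_);
        munmap(buf_, size_);
    }
    LockedSecret(const LockedSecret &) = delete;            // no implicit copies of the secret
    LockedSecret &operator=(const LockedSecret &) = delete;
    bool valid() const { return buf_ != nullptr; }
    bool locked() const { return locked_; }
    std::size_t capacity() const { return buf_ ? size_ - 1 : 0; }
    const char *c_str() const { return buf_ ? buf_ : ""; }
    // Replace the secret; an oversized input is refused and the buffer left empty.
    bool assign(const char *s) {
        if (!buf_) return false;
        secure_wipe(buf_, size_);
        std::size_t n = std::strlen(s);
        if (n > capacity()) return false;
        std::memcpy(buf_, s, n);
        return true;
    }
    void clear() { if (buf_) secure_wipe(buf_, size_); }
private:
    char *buf_ = nullptr;
    std::size_t size_ = 0;
    bool locked_ = false;
};
```
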
