posted 10 years ago
Gentleman, I realize that the question and answer period is over but I hope you are still around to enterain an additional question. I went out and purchased your book which arrived yesterday and it seems to me that the very first example violates the pricipal you are trying to demonstrate "Limit the Lifetime of Sensitive Data". Your "compliant solution" throws a security exception prior to clearing the password entered by the user. While your assumption may be that the password entered is not valid, in an actual authentication process many other things could prevent the authentication from happening which would result in the valid password potentially being left in memory. The most disturbing would be a denial of service attack against the authentication source in order to exploit this created vulnerability.
Is there some other protection afforded here that I am not concidering, I don't believe that garbage collection is immediate after an exception or that the Console.readPassword() method would help in this situation.
I'm hopeful that the rest of the book is valuable and the examples don't create exposures that I cannot pickup.
--Sean Sell