Last week I was at Recombination so nothing done then.
Now I've started to wire up the logon dialog. This included a bit of shuffling of the main UI, and preparing to split the DirectoryPanel into UI (repeated) and Directory Model classes (local and FTP); and starting the process of writing an FTP client against the .Net socket APIs.
Writing the logon dialog exposed one Mono quirk. The UseSystemPasswordChar property on the text-box doesn't seem to do anything. I resorted to self.pwdTB.PasswordChar = u'\u2022' as a portable solution.
Also, you can use the Data Protection API for more safely storing passwords:
import clr
clr.AddReference("System.Security")
from System.Security.Cryptography import *
import System.Text
import System
…
def getSecureValue(self, section, key, default):
raw = self.getValue(section, key, None)
if raw== None:
return default
try:
array = System.Convert.FromBase64String(raw)
chars = ProtectedData.Unprotect(array,
None, DataProtectionScope.CurrentUser)
result = System.Text.Encoding.UTF8.GetString(chars)
for i in range(chars.Length):
chars[i] = 0
return result
except System.Exception, ex:
print ex.ToString()
return default
def setSecureValue(self, section, key, value):
bytes = System.Text.Encoding.UTF8.GetBytes(value)
try:
safed = ProtectedData.Protect(bytes,
None, DataProtectionScope.CurrentUser)
for i in range(bytes.Length):
bytes[i] = 0
string = System.Convert.ToBase64String(safed)
for i in range(safed.Length):
safed[i] = 0
self.setValue(section, key, string)
except System.Exception, ex:
print ex.ToString()
which stores the password as an encrypted Base64 blob -- and works with Mono on Win32 as well. The weak point is the password kept in memory as a string (immutable) -- if you can use it as char array, you can wipe that when done.
No comments:
Post a Comment