Last week I was at Recombination so nothing done then.
Now I've started to wire up the logon dialog. This included a bit of shuffling of the main UI, and preparing to split the DirectoryPanel into UI (repeated) and Directory Model classes (local and FTP); and starting the process of writing an FTP client against the .Net socket APIs.
Writing the logon dialog exposed one Mono quirk. The UseSystemPasswordChar
property on the text-box doesn't seem to do anything. I resorted to self.pwdTB.PasswordChar = u'\u2022'
as a portable solution.
Also, you can use the Data Protection API for more safely storing passwords:
import clr clr.AddReference("System.Security") from System.Security.Cryptography import * import System.Text import System … def getSecureValue(self, section, key, default): raw = self.getValue(section, key, None) if raw== None: return default try: array = System.Convert.FromBase64String(raw) chars = ProtectedData.Unprotect(array, None, DataProtectionScope.CurrentUser) result = System.Text.Encoding.UTF8.GetString(chars) for i in range(chars.Length): chars[i] = 0 return result except System.Exception, ex: print ex.ToString() return default def setSecureValue(self, section, key, value): bytes = System.Text.Encoding.UTF8.GetBytes(value) try: safed = ProtectedData.Protect(bytes, None, DataProtectionScope.CurrentUser) for i in range(bytes.Length): bytes[i] = 0 string = System.Convert.ToBase64String(safed) for i in range(safed.Length): safed[i] = 0 self.setValue(section, key, string) except System.Exception, ex: print ex.ToString()
which stores the password as an encrypted Base64 blob -- and works with Mono on Win32 as well. The weak point is the password kept in memory as a string (immutable) -- if you can use it as char array, you can wipe that when done.
No comments:
Post a Comment