ImageJ - Antwort: Re: Testing a password

ImageJ

Antwort: Re: Testing a password

Posted by Joachim Wesner on Apr 07, 2010; 8:31am
URL: http://imagej.273.s1.nabble.com/Testing-a-password-tp3688636p3688640.html

Yes,

I did not want to comment on that, actually as a minimum I would recommend
some
simple "garbling" of the stored password with some secret "constant" to
avoid that
the password will directly stand out in any text dump of the class file.

Mit freundlichen Grüßen / Best regards

Joachim Wesner
Projektleiter Optik Technologiesysteme

Leica Microsystems CMS GmbH | GmbH mit Sitz in Wetzlar | Amtsgericht
Wetzlar HRB 2432
Geschäftsführer: Dr. Stefan Traeger | Dr. David Roy Martyr | Colin Davis
www.leica-microsystems.com

Gabriel Landini
<[hidden email]
C.UK> An
Gesendet von: [hidden email]
ImageJ Interest Kopie
Group
<[hidden email]. Thema
GOV> Re: Testing a password

07.04.2010 10:21

Bitte antworten
an
ImageJ Interest
Group
<[hidden email].
GOV>

On Tue, 6 Apr 2010, Joachim Wesner wrote:
> You cannot compare a string in Java with "==", it will check if it is
> exactly **the same** object, not directly the contents!

And one should be aware that retrieving the password from the class file is

trivial, so it would not be secure at all.
Cheers

G.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________