Secure text input

Asked May 29 '21 at 01:16

Active May 29 '21 at 01:16

Viewed 115 times

In my app there is a place where the user can enter in some sensitive information. I'm using a NSSecureTextField for that.

However, NSSecureTextField just uses a plain String to store its contents. This poses an issue because I would like to destroy that String instance, but that is impossible because strings are immutable.

When the user finishes typing his password, there would probably be 10+ instances of that password in memory.

Is there any way to somehow have a more secure method of entering text?

asked May 29 '21 at 01:16

AudioPlayer1234

2

"that is impossible because strings are immutable" How so? – El Tomato May 29 '21 at 01:21
@ElTomato Well assuming the user types in a bunch of characters, than every single time that happens then a new string has to be created – AudioPlayer1234 May 29 '21 at 01:22
2

I have no idea about the issue that you are referring to. Please show some lines of code to make your point. – El Tomato May 29 '21 at 01:28
Im trying to say how would you clear and zero out the password string in memory? – AudioPlayer1234 May 29 '21 at 01:32
@ElTomato See https://stackoverflow.com/q/8881291/3141234 for comparison – Alexander May 29 '21 at 01:50
@AudioPlayer1234 Fundamentally, `String` isn't well-suited to this task. Like you said, it's immutable, but it's also very easily copy-able. Ideally, if Swift had move-only types, a purpose-specific, erasable string type could be made that has singular ownership. However, `NSSecureTextField` forces you to use `NSString`, so you don't really have a choice. – Alexander May 29 '21 at 01:52
Ah ok. I guess ill just deal with it then – AudioPlayer1234 May 29 '21 at 01:58
Is the text visible and editable? – Willeke May 29 '21 at 08:48

Secure text input

0 Answers0