[kepler-dev] Re: Setting parameter style as password

Christopher Brooks cxh at eecs.berkeley.edu
Thu Sep 9 07:34:20 PDT 2004 

The password style is my doing.
Unfortunately, the work there is incomplete.

One issue is that even if the text of the password is replaced with
dots in the UI, then the password will be available in cleartext
in the MoML file.  I had a password actor in
ptolemy/actor/lib/security/Password.java, but I removed it because
it was difficult to make it secure.

My notes say:
> * Query and PtolemyQuery were modified to take a new style called 
> "password", which is a starred out password based on 
> javax.swing.JPasswordField.
> 
> The JPasswordField docs deprecate String getText() and suggest
> using char [] getPassword() instead for improved security.
> I was not able to do this because PtolemyQuery creates a change
> request and ends up calling Query.getStringValue() which calls
> JPasswordField.getText().
> 
> Another issue is that we do not have a char type, so we would
> end up passing things around as strings, or maybe as unsigned byte
> arrays.
> 
> I tried to use actor.lib.Const but
> - Const expects a double quoted string as an argument
> - Const displays the value of the string in the icon, which sorta
> defeats the idea of a secret password
> - The value of a Const actor is always persistent.
> 
> I created actor.lib.security.Password which has a password field
> and a isPersistent field.
> 
> If the isPersistent field is true, then the value of the password
> is saved when the model is written out.  This defeats the purpose
> of the password, but makes it easier to test.


Basically, I should probably go ahead and back out the password
facility.

The security actors in $PTII/ptolemy/actor/lib/security use
passwords in clear text.  (See PrivateKeyReader and PublicKeyReader). 


-Christopher
--------

    Hi,
    
    How can I set the style of a parameter to be Password style
    in the java code for the actor? And, once I set the style, what
    is the best way to process the password?
    
    I can set it up from the GUI but it only changes it in the MOML
    file. It also sometimes throws exceptions that the password cannot
    be handled as a string.
    
    It would be enough if you could point me to an example. I looked
    for examples on this but couldn't find one.
    
    Thanks on advance,
    Ilkay
    
    ---------------------------------------------------------------------------
   -
    Posted to the ptolemy-hackers mailing list.  Please send administrative
    mail for this list to: ptolemy-hackers-request at ptolemy.eecs.berkeley.edu
--------

More information about the Kepler-dev mailing list