Re: Replacement for runFinalizersOnExit()
rossum wrote:
> On Sat, 24 Nov 2007 09:06:27 -0500, Eric Sosman
> <esosman@ieee-dot-org.invalid> wrote:
>> rossum wrote:
>>> I am writing a security-related application and I want to make sure
>>> that some critical data is wiped after it is finished with. I have
>>> provided a public dispose() method to do the wiping, and a finalize()
>>> to call dispose in case the user forgets to call it. However,
>>> runFinalizersOnExit() is now deprecated so I cannot be sure that my
>>> finalizer will run at the time the application is exited.
>>>
>>> In the absence of runFinalizersOnExit() I am looking for a way to
>>> ensure that the data is wiped before the application exits. Any
>>> suggestions?
>>
>> Make sure dispose() is used.
>
> I try. One thought is "It is a sackable offence not to use dispose",
> but even then someone is going to slip up somewhere.

Alternatively, you could "invert" your API a little bit. The only way to
retrieve a secure resource would be to call a method that allocates it,
calls a call-back, and then disposes it:
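
    public void executeSecure(SecureOperation operation) {
        // The resource exists only for the duration of the callback.
        SecureResource resource = createResource();
        try {
            operation.perform(resource);
        } finally {
            // Runs on normal return and when perform() throws.
            resource.dispose();
        }
    }
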
Note that in the event of a system or application crash, dispose may
never be called.

Also note that at any time, the used memory could be written to a swap
file. If that happens, it may never get overwritten. Typically,
programs that deal with sensitive data lock their memory so that it
can't be swapped out. I don't think you can do that in Java, so if it is
truly that sensitive, you might need to go into native code.

--
Daniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/>
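
The callback pattern from the post above, filled out as an added example that is not part of the original message. The names SecureDemo and LIVE and the byte[]-backed SecureResource are assumptions made for illustration. It goes one step beyond the post by registering a Runtime shutdown hook as an exit-time backstop for resources still handed out; that hook covers orderly JVM shutdown only, not the crash case the post warns about.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class SecureDemo {
    /** Callback type from the post; the only code that ever sees the resource. */
    interface SecureOperation { void perform(SecureResource r) throws Exception; }

    /** Hypothetical resource: wraps the caller's byte[] so it can be overwritten. */
    static final class SecureResource {
        private final byte[] key;
        SecureResource(byte[] key) { this.key = key; }   // no copy: one buffer to wipe
        byte[] key() { return key; }
        void dispose() { Arrays.fill(key, (byte) 0); }   // idempotent wipe
    }

    // Resources currently handed out, so the exit-time backstop can reach them.
    private static final Set<SecureResource> LIVE = ConcurrentHashMap.newKeySet();

    static {
        // Backstop for orderly JVM shutdown (System.exit, last thread ending, SIGTERM).
        // It does not run on a hard crash or a forced kill.
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            for (SecureResource r : LIVE) r.dispose();
        }));
    }

    static void executeSecure(byte[] secret, SecureOperation op) throws Exception {
        SecureResource resource = new SecureResource(secret);
        LIVE.add(resource);
        try {
            op.perform(resource);
        } finally {
            resource.dispose();      // runs on normal return and on exception
            LIVE.remove(resource);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret, held as bytes rather than an immutable String.
        byte[] secret = "constructed-sample-key".getBytes(StandardCharsets.US_ASCII);
        try {
            executeSecure(secret, r -> { throw new IllegalStateException("operation failed"); });
        } catch (IllegalStateException e) {
            System.out.println("caught: " + e.getMessage());
        }
        // Check that the buffer was overwritten although the callback threw.
        System.out.println("wiped: " + Arrays.equals(secret, new byte[secret.length]));
    }
}
```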