Strings are immutable in Java. If you store a password as plain text in
a String, it stays available in memory until the garbage collector
clears it, and since Strings are kept in the String pool for
reusability, there is a chance that it will remain in memory for a long
duration, which poses a security threat: anyone who has access to a
memory dump can find the password in clear text. With a char array, on
the other hand, you can overwrite the values in the array once you are
done with the password.
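The following is an added example, not code from the original post, showing the overwrite in practice: the password is held only as a char[], used to derive a PBKDF2 hash, and then wiped. The class name, method name, sample password and iteration count are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordWipeExample {

    // Illustrative work factor (assumption); tune it for your own hardware.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    // Derives a PBKDF2 hash from the password, then wipes every copy this code controls.
    static byte[] hashAndWipe(char[] password, byte[] salt) throws GeneralSecurityException {
        // PBEKeySpec clones the char[] internally, so there are two copies to clear.
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            spec.clearPassword();         // clears the spec's internal copy
            Arrays.fill(password, '\0');  // overwrites the caller's array in place
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input. A real program would call
        // System.console().readPassword(), which also returns a char[].
        char[] password = {'s', '3', 'c', 'r', 'e', 't'};

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] hash = hashAndWipe(password, salt);

        // After the call the array holds only zero chars, so a memory dump
        // taken from here on no longer contains the clear-text password.
        boolean wiped = Arrays.equals(password, new char[password.length]);
        System.out.println("hash bytes: " + hash.length);
        System.out.println("password array wiped: " + wiped);
    }
}
```

The wipe only covers the arrays this code holds; converting the char[] to a String at any point creates an immutable copy that cannot be overwritten.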