Saturday, 19 July 2014

char array is proffered over strings to store passwords

Strings are immutable in Java, if you store password as plain text it will be available in memory until Garbage collector clears it and since Strings are used in String pool for re-usability there is a chance that it will be remain in memory for long duration, which pose a security threat. Since any one who has access to memory dump can find the password in clear text. But in case of char array, you can overwrite the values in the array.

You may like


                                                             Home

No comments:

Post a Comment