Saturday 19 July 2014

char array is preferred over Strings to store passwords

Strings are immutable in Java. If you store a password as a plain-text String, it stays available in memory until the garbage collector clears it, and since Strings are kept in the String pool for reusability, there is a chance that it will remain in memory for a long duration, which poses a security threat: anyone who has access to a memory dump can find the password in clear text. With a char array, you can overwrite the values in the array once you are done with them.
