Re: Doubt in Security basics

From: Kevin Conaway (kevin.conaway_at_gmail.com)
Date: 02/15/05

  • Next message: Randy: "Re: Doubt in Security basics"
    Date: Tue, 15 Feb 2005 11:26:55 -0500
    To: Babu Kopparam <babukopparam@gmail.com>
    
    

    Babu,

    Strings in Java are immutable, meaning you cant change them. You can
    only modify copies of the original. Because of this, if a password
    was read into a String, you couldn't write over it to erase its
    contents from memory. It would be at the mercy of the garbage
    collector.

    With a char [], you can overwrite the elements of the array and be
    reasonably safe that the password is gone from memory.

    Kevin

    On Tue, 15 Feb 2005 07:28:08 -0800 (PST), Babu Kopparam
    <babukopparam@gmail.com> wrote:
    >
    >
    > Hi! List,
    >
    > Probably i feel this doubt is related with basic knowledge.
    >
    > Whenever capturing the password, char[] is used instead of String object. What purpose does this solve.
    > --- I am referring to JAVA.
    >
    > Thanks in advance,
    > -Babu.
    >


  • Next message: Randy: "Re: Doubt in Security basics"