Re: Doubt in Security basics

From: Kevin Conaway (kevin.conaway_at_gmail.com)
Date: 02/15/05

  • Next message: Randy: "Re: Doubt in Security basics"
    Date: Tue, 15 Feb 2005 11:26:55 -0500
    To: Babu Kopparam <babukopparam@gmail.com>
    
    

    Babu,

    Strings in Java are immutable, meaning you cant change them. You can
    only modify copies of the original. Because of this, if a password
    was read into a String, you couldn't write over it to erase its
    contents from memory. It would be at the mercy of the garbage
    collector.

    With a char [], you can overwrite the elements of the array and be
    reasonably safe that the password is gone from memory.

    Kevin

    On Tue, 15 Feb 2005 07:28:08 -0800 (PST), Babu Kopparam
    <babukopparam@gmail.com> wrote:
    >
    >
    > Hi! List,
    >
    > Probably i feel this doubt is related with basic knowledge.
    >
    > Whenever capturing the password, char[] is used instead of String object. What purpose does this solve.
    > --- I am referring to JAVA.
    >
    > Thanks in advance,
    > -Babu.
    >


  • Next message: Randy: "Re: Doubt in Security basics"

    Relevant Pages

    • Re: .NET SUCKS --- READ FOLLOWING. MICROSOFT IS A SUCKY CO
      ... > system just doesn't cut it in high memory load situations. ... Garbage Collection is not an excuse for poor memory management. ... One excellent example is the use of strings. ... because many "professional" programmers know very little about what is ...
      (microsoft.public.dotnet.framework)
    • Re: Secure Credentials pwd handling
      ... strings that are produced when you read the properties. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... so at some point the value will be in memory. ... SecureString is added to .NET to support this use case. ...
      (microsoft.public.dotnet.security)
    • Re: CStrings and memory
      ... Then you allocate a few more strings ... Now you need to allocate another string, but there is no more memory. ... In addition to strings, there are other things that get allocated: ... have perhaps confused "address space" with "working set". ...
      (microsoft.public.vc.mfc)
    • Re: Verbose functional languages?
      ... whereas a memory leak due to too much laziness in the wrong place can be. ... If you declare your data structure elements as strict, ... I think size matters, for the optimization heuristics. ... strings for symbol names. ...
      (comp.lang.functional)
    • Re: mex: cell (of strings) allocation
      ... strings and numeric data, and returns the numeric data in a ... and the strings in a cell array of strings. ... cannot seem to use the same idiom for the cell of strings. ... *exactly* the same amount of memory you originally ...
      (comp.soft-sys.matlab)