4

I am writing a little web framework and I want to enable SSL encryption with a SSL key which will be supplied by the user.

This might seem overly cautious, but is it common to pass the password for the keystore file as a String passed in the parameters of a method?

This is what I had in mind:

public void enableSSL(String keystorePath, String keystorePassword) {
    // ... do things
}
Improve this question
0

1 Answer 1

Reset to default
3

It is always safer to store the password into character array than a string.

Please refer below query: Why is char[] preferred over String for passwords?

Also refer the below coding guide lines from oracle site: http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Please mark this question as duplicate rather than trying to feed off someone elses's answer.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.