Linked Questions
162 questions linked to/from Why is char[] preferred over String for passwords?
24 votes, 4 answers, 4k views
Why we read password from console in char array instead of String [duplicate]
Possible Duplicate:
Why is char[] preferred over string for passwords?
When I was preparing for OCPJP I came across the topic - "Reading User input from console".
There was an example where it ...
15 votes, 2 answers, 2k views
Is it a good practice to nullifying String in java [duplicate]
I have a problem with storing a plain password in memory as a String. According to the reference, since Strings are immutable there is a vulnerability of using String data type for sensitive data ...
13 votes, 1 answer, 2k views
Java storing sensitive 'key' as String or char[]? [duplicate]
Possible Duplicate:
Why is char[] preferred over string for passwords?
I read somewhere that storing a sensitive key as a char[] rather than a String is better because the latter can be found in ...
3 votes, 1 answer, 3k views
Why we should not use String for Storing password in Java but can use String for Storing password in C language? [duplicate]
In a discussion one of our seniors told us that we should not use String for storing password in a Java project because it's a security risk.
But it can be acceptable in a C project. I did not get why he ...
4 votes, 1 answer, 1k views
How to pass SSL keystore password? [duplicate]
I am writing a little web framework and I want to enable SSL encryption with an SSL key which will be supplied by the user.
This might seem overly cautious, but is it common to pass the password for ...
3 votes, 1 answer, 2k views
Clearing a memory in java heap space from JNI [duplicate]
Is there a way to do it? I am aware the garbage collector in Java will eventually do it if I dereference it. However I need to immediately clear the byte array memory as it is critical memory (passwords ...
1 vote, 1 answer, 2k views
Clearing a char array of sensitive data from memory [duplicate]
Is there a difference in benefit for "zeroing out" a char array so it doesn't stay in memory using Arrays.fill(password, 0) instead of using password = null? I'm not asking why use a char array ...
1 vote, 0 answers, 1k views
Java Fortify issue For Storing password in String object [duplicate]
In my application the password is stored in a String & Fortify is complaining about this.
Remediation says that "stores sensitive data in a String object, making it impossible to reliably purge the ...
2 votes, 0 answers, 644 views
How do I secure Spring Boot application against memory scraping attack? [duplicate]
I recently took over a service at work that handles credit card encryption. It is a Spring Boot 2.0 application and credit card info is passed in via a POST API.
Our security team was able to obtain ...
1 vote, 2 answers, 385 views
Java: Console class [duplicate]
Possible Duplicate:
Why is char[] preferred over string for passwords?
Reading the Java documentation, I found this statement about Console class
First, it suppresses echoing, so the password is ...
0 votes, 1 answer, 340 views
Why returns getPassword() from the Object JPasswordField an char[]? [duplicate]
I'm writing a little program to test the security of Java in general.
public char[] getPW(){
return pwField.getPassword();
}
This method returns a char array. But why is that so? Is there any ...
0 votes, 2 answers, 121 views
Java code efficiency when converting string [duplicate]
I have decompiled a fix provided by a 3rd party development team.
This is the original code:
if (this.getPassword() != null) {
this.uid = this.getUserName();
password = this.getPassword();
}
...
3 votes, 0 answers, 175 views
using readPassword() method [duplicate]
import java.io.*;
class ReadPasswordTest
{
public static void main(String args[])
{
Console c=System.console();
System.out.println("Enter password: ");
char[] ch=c....
2 votes, 0 answers, 173 views
What should I do after using a password to log in to a system? [duplicate]
I am writing a Java program that asks the user to enter their mysql username and password to log in to a MySql instance. I am using
Console console = new Console();
char[] password = console....
1 vote, 0 answers, 138 views
Secure way to perform basic authorization [duplicate]
I need to perform authorization against tomcat programmatically.
The way I'm currently doing it is like that:
String username = "tomcat_admin";
char[] password = CryptoUtility.decrypt(System.getenv("...