Tuesday, March 5, 2019

java - What should I do after using a password to log in to a system?

I am writing a Java program that asks the user to enter their mysql username and password to log in to a MySql instance. I am using 



Console console = new Console();
char[] password = console.readPassword("%s", SQLPlus.PROMPT + "Password:");



to store their password. After I have used the password to log in, how can I eliminate any trace of it from the variable and memory? From the javadocs, it is suggested to use 



java.util.Arrays.fill(passwordd, ' ');


to delete the data from memory. Is this enough?



This questions is asking what to do after a char[] has been used to store a password, not why it should be used instead of a string.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...