On Mon, Jul 8, 2013 at 7:05 PM, Roger L. Whitcomb <roger.whitc...@actian.com > wrote:
> Well, that's what .Net did with SecureString, and OpenSSL did as well. > There is a longer discussion here: > http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-st > ring-for-passwords > that talks more about the pros and cons. > > The main reason I bring it up is that, even though it doesn't provide > *that much* extra security, providing some help at the API levels seems > better than doing nothing ... It seems that, even though it provides > only minimal security, it is *still* considered best practice to zero > out password fields as soon as possible to minimize the potential > security risks. > > So, seeing that VFS 2.0 is not quite released yet, it seemed like a good > time to at least raise the question before the API is cast in stone. > 2.0 has been out for a long time. 2.1 is ready for a release IMO. Gary > > I'd be willing to take a crack at a patch to implement this change if > there was enough interest. > > Thanks, > ~Roger > > -----Original Message----- > From: Honton, Charles [mailto:charles_hon...@intuit.com] > Sent: Monday, July 08, 2013 3:53 PM > To: Commons Developers List > Subject: Re: [VFS] Passing around password as byte[] instead > > Or maybe a Password class that's tailor designed to obsfucate and zero > contents... > > On 7/8/13 3:23 PM, "sebb" <seb...@gmail.com> wrote: > > >On 8 July 2013 23:05, Roger L. Whitcomb <roger.whitc...@actian.com> > wrote: > >> I had a thought that it would be more secure to pass password data > >> around in VFS as byte arrays instead of String objects so they could > >> less easily be found by memory dumpers/scanners. This would apply > >> (for > >> instance) to GenericFileName constructor and access methods, etc. > >> Obviously, at some point, you have to convert to String (like in > >> "GenericFileName.appendCredentials"), but it seems like at least some > > >> level of obfuscation, as in storing the data as bytes might be useful > > >> to increase security. > > > >Another reason for using bytes is that the array can be zeroed out - or > > >replaced with fake password to fool hackers ;-) - once it has been > >used. > >This is not possible with immutable strings. > > > >> > >> > >> Thoughts? Thanks. > >> > >> > >> > >> ~Roger Whitcomb > >> > >> Apache Pivot PMC Chair > >> > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >For additional commands, e-mail: dev-h...@commons.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
