Because Strings hold onto their internal char[], unreferencing a String password means it hangs around in memory until the JVM garbage collects it. If you can ever prevent it from becoming a String, keep it as a char[] or byte[] -- then zero it all out before the array is unreferenced.
Paul On Mon, Jul 8, 2013 at 7:51 PM, Gary Gregory <garydgreg...@gmail.com> wrote: > On Mon, Jul 8, 2013 at 7:05 PM, Roger L. Whitcomb < > roger.whitc...@actian.com > > wrote: > > > Well, that's what .Net did with SecureString, and OpenSSL did as well. > > There is a longer discussion here: > > http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-st > > ring-for-passwords > > that talks more about the pros and cons. > > > > The main reason I bring it up is that, even though it doesn't provide > > *that much* extra security, providing some help at the API levels seems > > better than doing nothing ... It seems that, even though it provides > > only minimal security, it is *still* considered best practice to zero > > out password fields as soon as possible to minimize the potential > > security risks. > > > > So, seeing that VFS 2.0 is not quite released yet, it seemed like a good > > time to at least raise the question before the API is cast in stone. > > > > 2.0 has been out for a long time. 2.1 is ready for a release IMO. > > Gary > > > > > > I'd be willing to take a crack at a patch to implement this change if > > there was enough interest. > > > > Thanks, > > ~Roger > > > > -----Original Message----- > > From: Honton, Charles [mailto:charles_hon...@intuit.com] > > Sent: Monday, July 08, 2013 3:53 PM > > To: Commons Developers List > > Subject: Re: [VFS] Passing around password as byte[] instead > > > > Or maybe a Password class that's tailor designed to obsfucate and zero > > contents... > > > > On 7/8/13 3:23 PM, "sebb" <seb...@gmail.com> wrote: > > > > >On 8 July 2013 23:05, Roger L. Whitcomb <roger.whitc...@actian.com> > > wrote: > > >> I had a thought that it would be more secure to pass password data > > >> around in VFS as byte arrays instead of String objects so they could > > >> less easily be found by memory dumpers/scanners. This would apply > > >> (for > > >> instance) to GenericFileName constructor and access methods, etc. > > >> Obviously, at some point, you have to convert to String (like in > > >> "GenericFileName.appendCredentials"), but it seems like at least some > > > > >> level of obfuscation, as in storing the data as bytes might be useful > > > > >> to increase security. > > > > > >Another reason for using bytes is that the array can be zeroed out - or > > > > >replaced with fake password to fool hackers ;-) - once it has been > > >used. > > >This is not possible with immutable strings. > > > > > >> > > >> > > >> Thoughts? Thanks. > > >> > > >> > > >> > > >> ~Roger Whitcomb > > >> > > >> Apache Pivot PMC Chair > > >> > > > > > >--------------------------------------------------------------------- > > >To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > >For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > -- > E-Mail: garydgreg...@gmail.com | ggreg...@apache.org > Java Persistence with Hibernate, Second Edition< > http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > -- Cheers, Paul
