Juan Hernandez has posted comments on this change. Change subject: core, webadmin, restapi: Detach password from VdcUser ......................................................................
Patch Set 4: Take into account that what is relevant when using strings for passwords (or for any other secret) is not if they are interned or not (as Vojtech explained they won't be interned unless someone calls the intern method) but the fact that strings are immutable, so the moment you put a password inside an string there is no way to explicitly clear it. Even if the string is garbage collected the corresponding area of memory isn't cleaned by the JVM, so the content is still there. An attacker can inspect the memory (or a heap dump) and easily find the value (specially if it knows the source of the program, which is always true in our case). The way to protect against this is to use arrays of characters, something like this: char[] password = getThePasswordFromSomeWhere(...); useThePassword(password); Arrays.fill(password, '\0'); password = null; This way the password is in memory only when it is needed and the area of memory where it is stored is explicitly cleared after use, thus making life harder for attackers. This doesn't protect it completely, as the garbage collector may have copied that array of characters to a different heap space, leaving the content in the previous location, but there is little more that the program can do. This is clearly not the subject of this change. -- To view, visit http://gerrit.ovirt.org/17096 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I0ab9321816ee28355a4118910086891f5a552014 Gerrit-PatchSet: 4 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> Gerrit-Reviewer: Michael Pasternak <[email protected]> Gerrit-Reviewer: Omer Frenkel <[email protected]> Gerrit-Reviewer: Oved Ourfali <[email protected]> Gerrit-Reviewer: Vojtech Szocs <[email protected]> Gerrit-Reviewer: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: No _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
