[jira] [Commented] (KAFKA-17014) ScramFormatter should not use String for password.

Mingdao Yang (Jira) Thu, 16 Jan 2025 15:42:07 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-17014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913883#comment-17913883
 ]


Mingdao Yang commented on KAFKA-17014:
--------------------------------------

Hi [~szetszwo] , I noticed this issue has been idle for a while and I'd love to 
help move it forward. Can I take over it? Thanks.

> ScramFormatter should not use String for password.
> --------------------------------------------------
>
>                 Key: KAFKA-17014
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17014
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Assignee: dujian0068
>            Priority: Major
>
> Since String is immutable, there is no easy way to erase a String password 
> after use.  We should not use String for password.  See also  
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-17014) ScramFormatter should not use String for password.

Reply via email to