commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [VFS] Passing around password as byte[] instead
Date Mon, 08 Jul 2013 22:33:56 GMT
I've seen char[] used for passwords instead of String, but not byte[]. As
soon as you use a byte[] for a String you need to track an encoding as
well.

Gary


On Mon, Jul 8, 2013 at 6:05 PM, Roger L. Whitcomb <Roger.Whitcomb@actian.com
> wrote:

> I had a thought that it would be more secure to pass password data
> around in VFS as byte arrays instead of String objects so they could
> less easily be found by memory dumpers/scanners.  This would apply (for
> instance) to GenericFileName constructor and access methods, etc.
> Obviously, at some point, you have to convert to String (like in
> "GenericFileName.appendCredentials"), but it seems like at least some
> level of obfuscation, as in storing the data as bytes might be useful to
> increase security.
>
>
>
> Thoughts?  Thanks.
>
>
>
> ~Roger Whitcomb
>
> Apache Pivot PMC Chair
>
>


-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message