commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant Overby <modsiw.vcha...@gmail.com>
Subject Re: [VFS] Passing around password as byte[] instead
Date Mon, 08 Jul 2013 22:34:54 GMT
I would expect char[] or byte[] to be just as easily recognizable. People
have used them to store passwords because those data types can be zero'd
out; whereas, String is immutable and references are kept by the intern
mechanism of String. If the char[] or byte[] is ever converted to a String
(or originates as a String), it will still fall into this trap. With
garbage collection, it is unknowable if the array was moved to somewhere
else in the heap leaving a copy behind, so it is still not a reliable way
to time box the opportunity to gather the password. All that said, such an
attack would require elevated permissions at the OS or JVM level to such an
extent that I would argue this threat would be inconsequential in practice.

On Mon, Jul 8, 2013 at 6:05 PM, Roger L. Whitcomb <Roger.Whitcomb@actian.com
> wrote:

> I had a thought that it would be more secure to pass password data
> around in VFS as byte arrays instead of String objects so they could
> less easily be found by memory dumpers/scanners.  This would apply (for
> instance) to GenericFileName constructor and access methods, etc.
> Obviously, at some point, you have to convert to String (like in
> "GenericFileName.appendCredentials"), but it seems like at least some
> level of obfuscation, as in storing the data as bytes might be useful to
> increase security.
>
>
>
> Thoughts?  Thanks.
>
>
>
> ~Roger Whitcomb
>
> Apache Pivot PMC Chair
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message