commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [VFS] Passing around password as byte[] instead
Date Mon, 08 Jul 2013 22:23:23 GMT
On 8 July 2013 23:05, Roger L. Whitcomb <Roger.Whitcomb@actian.com> wrote:
> I had a thought that it would be more secure to pass password data
> around in VFS as byte arrays instead of String objects so they could
> less easily be found by memory dumpers/scanners.  This would apply (for
> instance) to GenericFileName constructor and access methods, etc.
> Obviously, at some point, you have to convert to String (like in
> "GenericFileName.appendCredentials"), but it seems like at least some
> level of obfuscation, as in storing the data as bytes might be useful to
> increase security.

Another reason for using bytes is that the array can be zeroed out -
or replaced with fake password to fool hackers ;-) - once it has been
used.
This is not possible with immutable strings.

>
>
> Thoughts?  Thanks.
>
>
>
> ~Roger Whitcomb
>
> Apache Pivot PMC Chair
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message