hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Karp (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1106) Use character arrays for passwords in Credentials objects, not Strings
Date Tue, 28 Jun 2011 22:13:28 GMT
Use character arrays for passwords in Credentials objects, not Strings
----------------------------------------------------------------------

                 Key: HTTPCLIENT-1106
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1106
             Project: HttpComponents HttpClient
          Issue Type: Improvement
          Components: HttpAuth
    Affects Versions: 4.1.1
            Reporter: John Karp
            Priority: Minor


Its fairly conventional to use char[] to represent passwords in Java, because using Strings
can present security issues:

http://securesoftware.blogspot.com/2009/01/java-security-why-not-to-use-string.html
http://download.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message