logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <rgo...@apache.org>
Subject Re: Track passwords internally as char[] instead of String
Date Mon, 19 Aug 2013 11:27:21 GMT
What passwords?

Ralph

On Aug 19, 2013, at 4:22 AM, Gary Gregory <garydgregory@gmail.com> wrote:

> I've seen it done many places: Should we track passwords internally as char[] instead
of String for ivars.
> 
> This prevents Log4j spilling your secrets by accident in a toString to internal log call.
> 
> Gary
> 
> -- 
> E-Mail: garydgregory@gmail.com | ggregory@apache.org 
> Java Persistence with Hibernate, Second Edition
> JUnit in Action, Second Edition
> Spring Batch in Action
> Blog: http://garygregory.wordpress.com 
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory

Mime
View raw message