Tuesday 5 March 2019

java - What should I do after using a password to log in to a system?

I am writing a Java program that asks the user to enter their mysql username and password to log in to a MySql instance. I am using 



Console console = new Console();
char[] password = console.readPassword("%s", SQLPlus.PROMPT + "Password:");



to store their password. After I have used the password to log in, how can I eliminate any trace of it from the variable and memory? From the javadocs, it is suggested to use 



java.util.Arrays.fill(passwordd, ' ');


to delete the data from memory. Is this enough?



This questions is asking what to do after a char[] has been used to store a password, not why it should be used instead of a string.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...