Or maybe a Password class that's tailor designed to obsfucate and zero
contents...

On 7/8/13 3:23 PM, "sebb" <seb...@gmail.com> wrote:

>On 8 July 2013 23:05, Roger L. Whitcomb <roger.whitc...@actian.com> wrote:
>> I had a thought that it would be more secure to pass password data
>> around in VFS as byte arrays instead of String objects so they could
>> less easily be found by memory dumpers/scanners.  This would apply (for
>> instance) to GenericFileName constructor and access methods, etc.
>> Obviously, at some point, you have to convert to String (like in
>> "GenericFileName.appendCredentials"), but it seems like at least some
>> level of obfuscation, as in storing the data as bytes might be useful to
>> increase security.
>
>Another reason for using bytes is that the array can be zeroed out -
>or replaced with fake password to fool hackers ;-) - once it has been
>used.
>This is not possible with immutable strings.
>
>>
>>
>> Thoughts?  Thanks.
>>
>>
>>
>> ~Roger Whitcomb
>>
>> Apache Pivot PMC Chair
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>For additional commands, e-mail: dev-h...@commons.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to