Or maybe a Password class that's tailor designed to obfuscate and zero contents...

On 7/8/13 3:23 PM, "sebb" <seb...@gmail.com> wrote:

>On 8 July 2013 23:05, Roger L. Whitcomb <roger.whitc...@actian.com> wrote:
>> I had a thought that it would be more secure to pass password data
>> around in VFS as byte arrays instead of String objects so they could
>> less easily be found by memory dumpers/scanners. This would apply (for
>> instance) to GenericFileName constructor and access methods, etc.
>> Obviously, at some point, you have to convert to String (like in
>> "GenericFileName.appendCredentials"), but it seems like at least some
>> level of obfuscation, as in storing the data as bytes might be useful to
>> increase security.
>
>Another reason for using bytes is that the array can be zeroed out -
>or replaced with fake password to fool hackers ;-) - once it has been
>used.
>This is not possible with immutable strings.
>
>>
>> Thoughts? Thanks.
>>
>> ~Roger Whitcomb
>> Apache Pivot PMC Chair
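
An added example, not part of the original thread and not Commons VFS code: one way the Password class suggested above could hold the secret as bytes and zero it after use. The class name `SecretBytes` and its methods are hypothetical, and the sample password is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical holder (not a Commons VFS class): keeps the secret in a
// mutable byte[] so it can be overwritten once it is no longer needed.
public final class SecretBytes implements AutoCloseable {
    private final byte[] data;
    private boolean cleared;

    // Stores a UTF-8 copy and wipes the caller's char[] immediately.
    public SecretBytes(char[] password) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        data = new byte[encoded.remaining()];
        encoded.get(data);
        // The encoder's backing array is a second copy of the secret; wipe it too.
        if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        Arrays.fill(password, '\0');
    }

    // Hands out a copy; the caller must zero it after use.
    public byte[] copy() {
        if (cleared) throw new IllegalStateException("secret already cleared");
        return data.clone();
    }

    public boolean isCleared() { return cleared; }

    @Override
    public void close() {
        Arrays.fill(data, (byte) 0);
        cleared = true;
    }

    // Never expose the contents through logging or string concatenation.
    @Override
    public String toString() { return "SecretBytes[" + (cleared ? "cleared" : "set") + "]"; }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample input
        try (SecretBytes pw = new SecretBytes(typed)) {
            byte[] use = pw.copy();
            System.out.println(pw + " length=" + use.length);
            Arrays.fill(use, (byte) 0); // wipe the working copy after use
        }
        System.out.println("caller array wiped: " + (typed[0] == '\0'));
    }
}
```

Zeroing is best effort on the JVM: a copying garbage collector may already have left earlier copies of the array elsewhere on the heap, and any conversion to String, as in `GenericFileName.appendCredentials`, creates an immutable copy that cannot be wiped.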