[jira] [Commented] (KAFKA-17014) ScramFormatter should not use String for password.

Tsz-wo Sze (Jira) Wed, 05 Mar 2025 09:13:32 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-17014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17932697#comment-17932697
 ]


Tsz-wo Sze commented on KAFKA-17014:
------------------------------------

[~mingdaoy], I just have commented on your pr.  Thanks!

> ScramFormatter should not use String for password.
> --------------------------------------------------
>
>                 Key: KAFKA-17014
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17014
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Assignee: Mingdao Yang
>            Priority: Major
>
> Since String is immutable, there are no easy ways to erase a String password 
> after use.  It is a security concern so we should not use String for 
> passwords.  See also  
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-17014) ScramFormatter should not use String for password.

Reply via email to