It is a recommended practice to “empty” the read password string once its use is over. This is a secure programming practice to avoid malicious reads of program data to discover password strings.With a char array, as soon as the password is validated, it is possible to empty it and remove the trace of the password text from memory; with a String object, which is garbage collected, it is not as easy as
with a char array.
with a char array.
No comments:
Post a Comment