Friday, September 26, 2014

Why password field data needs to be stored in a char array

It is a recommended practice to "empty" the password that was read once its use is over. This is a secure programming practice that keeps password text from being discovered through malicious reads of program memory. With a char array, as soon as the password is validated, it is possible to overwrite it and remove the trace of the password text from memory. With a String object, which is immutable and is only released when it is garbage collected, this is not as easy as with a char array.
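The pattern in Java, as an added example that is not code from the original post: the password stays in a `char[]` from input through validation and is overwritten in a `finally` block. The class and method names, the PBKDF2 parameters and the sample password are assumptions made for illustration.

```java
import java.io.Console;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheck {
    // Derive a PBKDF2 hash straight from the char[]; no String copy is created.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec holds its own copy of the array
        }
    }

    // Validate, then overwrite the caller's array whether or not validation succeeds.
    static boolean verifyAndWipe(char[] password, byte[] salt, byte[] expected) throws Exception {
        try {
            byte[] actual = derive(password, salt);
            try {
                return MessageDigest.isEqual(actual, expected);
            } finally {
                Arrays.fill(actual, (byte) 0);
            }
        } finally {
            Arrays.fill(password, '\0'); // the password text is gone from this array
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: salt and stored hash would normally come from a user store.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = derive("constructed-sample".toCharArray(), salt);

        Console console = System.console();
        char[] entered = (console != null) ? console.readPassword("Password: ") : null;
        if (entered == null) {
            entered = "constructed-sample".toCharArray(); // demo fallback, no terminal
        }
        System.out.println("valid=" + verifyAndWipe(entered, salt, stored));
    }
}
```

The wipe only helps if the password is never converted to a `String` along the way, for example by `new String(entered)` or string concatenation in a log message.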
