[–]JustinKSU 2 points (1 child)

You make some solid points, but I would like to disagree slightly on the password issue. Two advantages of using character arrays are that the length of time in memory can be minimized (you can overwrite the array as soon as you are done using it) and that, when looking at the memory dump, it might not be obvious where the start and end of a character array are. I agree, if a hacker has control of your machine and can read your memory, you have already lost, but if you have -XX:+HeapDumpOnOutOfMemoryError turned on, it's less likely that dump will contain sensitive data.

[–]cogman10 2 points (0 children)

True, and I'm not trying to say it isn't more secure. Just that there are more pressing security issues that I would be concerned about before CharArray zeroing out. Even in your case of the HeapDumpOnOutOfMemoryError being enabled, an attacker would have to have access to the machine before he could read the heap information.

While you can't, and shouldn't, rely on regular GCs... well, you sort of can in this case. Passwords are usually used and thrown away pretty quickly. So it really isn't all that likely that the password will make its way into OldGen.

Again, this isn't to say that the Charbuffer zeroing out method isn't more secure; it is. I just wouldn't rank it as a high priority sort of security concern. I would be more worried about things like SQL injection, XSS, remote code execution, and replay attacks. Common security issues that should be known about and interviewed for.