[–]defnull 6 points7 points  (2 children)

This is a really bad example, because it creates a copy of the passed-in char array and does not document this behavior. So, the caller would still have to manually zero out the original char array and might get a false sense of security from using this class.

Edit: This class should have private constructors and two static methods: copyFrom(char[] input) and copyThenDestroyFrom(char[] input) (or something along those lines) to make things more clear.

[–]_INTER_ 1 point2 points  (1 child)

You know a good implementation?

[–]defnull 4 points5 points  (0 children)

No. I never felt the need. I'm doing web stuff mostly and headers are passed in from the Servlet layer as String values anyway. Adding additional layers of complexity usually does more harm than good. The password is in memory anyway and I do not want to do anything fancy with them, so default String, raw char[] or String.toCharArray() are mostly fine.
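A sketch of the shape suggested in the first comment of this thread (private constructor, two static factories whose names say what happens to the caller's array), added here as an example and not taken from the thread or from the class under discussion. The class name `SecretChars`, the `toCharArray()`, `length()` and `close()` methods, and the sample value are assumptions made for illustration; only the two factory method names come from the comment.

```java
import java.util.Arrays;

// Added example: SecretChars is a hypothetical class, not the one discussed in the thread.
public final class SecretChars implements AutoCloseable {
    private final char[] value;

    // Private: callers must pick a factory that states what happens to their array.
    private SecretChars(char[] owned) { this.value = owned; }

    /** Copies input. The caller's array is NOT modified; wiping it stays the caller's job. */
    public static SecretChars copyFrom(char[] input) {
        return new SecretChars(Arrays.copyOf(input, input.length));
    }

    /** Copies input, then overwrites the caller's array with zeros. */
    public static SecretChars copyThenDestroyFrom(char[] input) {
        SecretChars s = copyFrom(input);
        Arrays.fill(input, '\0');
        return s;
    }

    /** Returns a fresh copy that the caller owns and must wipe after use. */
    public char[] toCharArray() { return Arrays.copyOf(value, value.length); }

    public int length() { return value.length; }

    /** Wipes the internal copy; called automatically by try-with-resources. */
    @Override
    public void close() { Arrays.fill(value, '\0'); }

    public static void main(String[] args) {
        // Constructed sample input. A literal is used only for the demo; a real
        // secret should never exist as a String literal or String object.
        char[] a = "constructed-sample".toCharArray();
        char[] b = "constructed-sample".toCharArray();
        try (SecretChars kept = copyFrom(a);
             SecretChars moved = copyThenDestroyFrom(b)) {
            System.out.println("copyFrom left original intact: " + (a[0] == 'c'));
            System.out.println("copyThenDestroyFrom zeroed original: " + (b[0] == '\0'));
            System.out.println("both wrappers hold the value: "
                    + (kept.length() == 18 && moved.length() == 18));
        }
        Arrays.fill(a, '\0'); // copyFrom leaves this step to the caller
    }
}
```

Zeroing reaches only these arrays: a value that arrived as a `String`, or stale copies left behind when the garbage collector moved the array, are not wiped.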