Shulou(Shulou.com)06/01 Report--

This article mainly explains why the char array is more suitable for storing passwords than String. The explanation in the article is simple and clear, and it is easy to learn and understand. Please follow Xiaobian's train of thought to study and learn why char array is more suitable for storing passwords than String.

String:

1) because the string is immutable in Java, if you store the password as plain text, it will be available in memory until the garbage collector clears it, and for reusability, there will be String in the string pool, which is likely to remain in memory for a long time, thus posing a security threat.

Because anyone with access to the memory dump can find the password in clear text, this is another reason that you should always use an encrypted password instead of plain text.

Because the string is immutable, you cannot change the contents of the string, because any change will result in a new string, and if you use char [], you can set all elements to blank or zero.

Therefore, storing passwords in character arrays can significantly reduce the security risk of stealing passwords.

2) Java itself recommends using JPasswordField's getPassword () method, which returns a char [] and a deprecated getTex () method, which returns the password in clear text for security reasons. Follow the advice of the Java team and stick to the standard instead of opposing it.

3) when using String, there is always a risk of printing plain text in a log file or console, but if you use Array, the contents of the array will not be printed but its memory location will be printed. Although it is not a real reason, it still makes sense.

String strPassword = "Unknown"; char [] charPassword = new char [] {'ULTHINGRAPHY [] System.out.println ("character password:" + strPassword); System.out.println ("character password:" + charPassword)

Output

String password: Unknown character password: [C @ 110b053

I also recommend using a hash or encrypted password instead of plain text and clearing it from memory as soon as the validation is complete.

Therefore, in Java, using character arrays to store passwords is a better choice than strings.

Although using char [] is not enough, you also need to erase the content to be more secure.

Thank you for your reading, the above is the content of "why char array is more suitable for storing passwords than String". After the study of this article, I believe you have a deeper understanding of why char array is more suitable for storing passwords than String. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.