Java – how do I store passwords securely in memory when creating accounts?

2020-04-17 • Java

Our web - based application uses the password specified during account creation to bind user accounts to users For Java, how to safely handle passwords before saving hash values in the database

More specifically, how to ensure that strings holding passwords are garbage collected in a sufficiently short time interval?

Solution

If you can (which can be difficult in Web Applications), it's better to store passwords in character arrays rather than in strings If you have finished storing passwords, you can use array Fill() overwrites it in memory and provides a reference to the garbage collector by discarding it:

Arrays.fill(password,' ');
password = null;

I just noticed that canceling the password would be a little paranoid, but if it reassures you, you can do:)

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Java – stop and start JBoss programmatically in eclipse

< <上一篇

Unable to open database – Android

下一篇>>

搜索内容

Java – how do I store passwords securely in memory when creating accounts?

Solution

热门文章