Support #2697

Support #2696: security review

make sure all security sensitive data is processed using char[] instead of Strings

Added by Greg Shah over 8 years ago. Updated over 8 years ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 09/09/2015
Due date:
% Done: 0%
billable: No
vendor_id: GCD
case_num:
version:

History

#1 Updated by Greg Shah over 8 years ago

Any data like passwords or encryption keys should never be processed using String since the result can remain behind in memory after the usage goes out of scope. Instead, char[] should be used and at the first moment the data is no longer needed the array contents should be zapped (overwritten with (char) 0).
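The pattern described in the note above, as an added Java example that is not part of the original ticket or the project's code. The class name `SecretHandling`, the iteration count, and the sample password are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SecretHandling {  // hypothetical class name

    /** Derives a 256-bit key from a password held only in a char[]. */
    static byte[] deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        // PBEKeySpec clones the password array, so its private copy must be wiped as well.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec)
                                   .getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value. Real input would arrive as char[] from
        // Console.readPassword() or JPasswordField.getPassword(), never as a String.
        char[] password = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] key = null;
        try {
            key = deriveKey(password, salt);
            System.out.println("derived key bytes: " + key.length);
        } finally {
            // Zap the secrets at the first moment they are no longer needed,
            // including on the exception path.
            Arrays.fill(password, (char) 0);
            if (key != null) {
                Arrays.fill(key, (byte) 0);
            }
        }

        boolean wiped = true;
        for (char c : password) {
            wiped &= (c == 0);
        }
        System.out.println("password wiped: " + wiped);
    }
}
```

Wiping is best effort: a compacting garbage collector may have moved the array earlier and left a stale copy behind, so keeping the secret's lifetime short matters as much as the final overwrite.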
