Support #2697
Support #2696: security review
make sure all security sensitive data is processed using char[] instead of Strings
Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 09/09/2015
Due date:
% Done: 0%
billable: No
vendor_id: GCD
case_num:
version:
History
#1 Updated by Greg Shah over 8 years ago
Any data like passwords or encryption keys should never be processed using String since the result can remain behind in memory after the usage goes out of scope. Instead, char[] should be used and at the first moment the data is no longer needed the array contents should be zapped (overwritten with (char) 0).
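The practice described in the note above, as an added Java example that is not part of the original ticket or the project's code: a password stays in a char[] from input to key derivation, and every copy (the caller's array, the PBEKeySpec's internal clone, the derived key bytes) is overwritten in a finally block. The class name, method names, iteration count and sample values are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SecretHandling {   // hypothetical class, for illustration only

    /** Derives a key from a password held in a char[]; no String is ever built from it. */
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        // PBEKeySpec clones the password array, so that copy must be zapped as well.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // overwrite the spec's internal copy
        }
    }

    /** Checks a candidate password against a stored key, zapping the intermediate key bytes. */
    static boolean verify(char[] candidate, byte[] salt, byte[] expectedKey) throws Exception {
        byte[] derived = deriveKey(candidate, salt);
        try {
            return MessageDigest.isEqual(derived, expectedKey);  // no early exit on mismatch
        } finally {
            Arrays.fill(derived, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; real code would use System.console().readPassword(),
        // which already returns a char[].
        char[] password = {'c', 'o', 'r', 'r', 'e', 'c', 't', '-', 'h', 'o', 'r', 's', 'e'};
        byte[] salt = new byte[16];   // constructed all-zero salt; use SecureRandom in practice
        byte[] stored = null;
        try {
            stored = deriveKey(password, salt);
            System.out.println("match: " + verify(password, salt, stored));
        } finally {
            // Zap at the first moment the data is no longer needed.
            Arrays.fill(password, (char) 0);
            if (stored != null) Arrays.fill(stored, (byte) 0);
        }
    }
}
```

Any conversion through String along the way (new String(password), string concatenation, logging the value) would leave an immutable copy on the heap that cannot be overwritten, which is what the char[] handling here avoids.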