[security-dev] char[] argument is weak

Bill Burke bburke at redhat.com
Fri Dec 7 08:44:54 EST 2012

Representing passwords as char[] is a weak argument.  Many of these 
char[] arrays are going to have to stay in memory in some form usually 
anyways.  For example, a browser app may not keep a password in memory, 
but it sure as hell will keep a session cookie in memory which is just 
as big of a security hole.  Passwords used to continually access the 
same resources (DB connections, etc.)  also have to remain in memory 
unless you want to hit persistent storage each and every time.  The 
mechanisms to obtain a password from a user are often already String 
based.  Plus, there's no guarantee a memory swap isn't going to happen 
when the password char[] is in memory anyways.  Finally, if you're 
running a secure system on an insecure box then you deserve your fate.

Bill Burke
JBoss, a division of Red Hat