[security-dev] PicketLink IDM API - Should PasswordCredential use char[] instead of String

Saturday, 1 December 2012

It is a fairly common recommended practice that passwords are stored 
using character arrays instead of String - this means that as soon as it 
is finished with the array can be cleared instead of relying on the 
garbage collector to remote the String from the heap.

Just thinking should PasswordCredential also do the same?

Regards,
Darran Lofthouse.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[security-dev] PicketLink IDM API - Should PasswordCredential use char[] instead of String