[security-dev] PicketLink IDM API - Should PasswordCredential use char[] instead of String
Darran Lofthouse
darran.lofthouse at jboss.com
Sat Dec 1 10:23:15 EST 2012
It is a fairly common recommended practice that passwords are stored
using character arrays instead of String - this means that as soon as it
is finished with the array can be cleared instead of relying on the
garbage collector to remote the String from the heap.
Just thinking should PasswordCredential also do the same?
Regards,
Darran Lofthouse.
More information about the security-dev
mailing list