I've seen char[] used for passwords instead of String, but not byte[]. As soon as you use a byte[] for a String you need to track an encoding as well.
Gary On Mon, Jul 8, 2013 at 6:05 PM, Roger L. Whitcomb <roger.whitc...@actian.com > wrote: > I had a thought that it would be more secure to pass password data > around in VFS as byte arrays instead of String objects so they could > less easily be found by memory dumpers/scanners. This would apply (for > instance) to GenericFileName constructor and access methods, etc. > Obviously, at some point, you have to convert to String (like in > "GenericFileName.appendCredentials"), but it seems like at least some > level of obfuscation, as in storing the data as bytes might be useful to > increase security. > > > > Thoughts? Thanks. > > > > ~Roger Whitcomb > > Apache Pivot PMC Chair > > -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
