Subclasses can still make the same mistake as long as it is a String. It is just something I consider good practice.
Gary On May 5, 2017 1:30 AM, "Mikael Ståldal" <mikael.stal...@magine.com> wrote: > What about a custom implementation of StoreConfiguration.toString which > does not include the password? > > On Fri, May 5, 2017 at 10:28 AM, Gary Gregory <garydgreg...@gmail.com> > wrote: > > > Usually toString on an object that includes a password String can end up > in > > places like logs that it should not be. A char[] toString does not > display > > its contents. > > > > Gary > > > > On May 5, 2017 12:41 AM, "Mikael Ståldal" <mikael.stal...@magine.com> > > wrote: > > > > > What are those security reasons? > > > > > > On Fri, May 5, 2017 at 2:06 AM, Gary Gregory <garydgreg...@gmail.com> > > > wrote: > > > > > > > Hi, > > > > > > > > I think I'd like to change the type > > > > of org.apache.logging.log4j.core.net.ssl.StoreConfiguration.password > > > from > > > > String to char[] for the usual security reason. > > > > > > > > Thoughts? > > > > > > > > Gary > > > > > > > > -- > > > > E-Mail: garydgreg...@gmail.com | ggreg...@apache.org > > > > Java Persistence with Hibernate, Second Edition > > > > <https://www.amazon.com/gp/product/1617290459/ref=as_li_ > > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459& > > > > linkCode=as2&tag=garygregory-20&linkId= > cadb800f39946ec62ea2b1af9fe6a2 > > b8> > > > > > > > > <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > > > > 1617290459> > > > > JUnit in Action, Second Edition > > > > <https://www.amazon.com/gp/product/1935182021/ref=as_li_ > > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021& > > > > linkCode=as2&tag=garygregory-20&linkId= > 31ecd1f6b6d1eaf8886ac902a24de4 > > > 18%22 > > > > > > > > > > > > > <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > > > > 1935182021> > > > > Spring Batch in Action > > > > <https://www.amazon.com/gp/product/1935182951/ref=as_li_ > > > > tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951& > > > > linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B% > > > > 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action> > > > > <http:////ir-na.amazon-adsystem.com/e/ir?t= > garygregory-20&l=am2&o=1&a= > > > > 1935182951> > > > > Blog: http://garygregory.wordpress.com > > > > Home: http://garygregory.com/ > > > > Tweet! http://twitter.com/GaryGregory > > > > > > > > > > > > > > > > -- > > > [image: MagineTV] > > > > > > *Mikael Ståldal* > > > Senior software developer > > > > > > *Magine TV* > > > mikael.stal...@magine.com > > > Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com > > > > > > Privileged and/or Confidential Information may be contained in this > > > message. If you are not the addressee indicated in this message > > > (or responsible for delivery of the message to such a person), you may > > not > > > copy or deliver this message to anyone. In such case, > > > you should destroy this message and kindly notify the sender by reply > > > email. > > > > > > > > > -- > [image: MagineTV] > > *Mikael Ståldal* > Senior software developer > > *Magine TV* > mikael.stal...@magine.com > Grev Turegatan 3 | 114 46 Stockholm, Sweden | www.magine.com > > Privileged and/or Confidential Information may be contained in this > message. If you are not the addressee indicated in this message > (or responsible for delivery of the message to such a person), you may not > copy or deliver this message to anyone. In such case, > you should destroy this message and kindly notify the sender by reply > email. >
