Strings in Java are immutable, meaning you cant change them. You can
only modify copies of the original. Because of this, if a password
was read into a String, you couldn't write over it to erase its
contents from memory. It would be at the mercy of the garbage
collector.
With a char [], you can overwrite the elements of the array and be
reasonably safe that the password is gone from memory.
Kevin
On Tue, 15 Feb 2005 07:28:08 -0800 (PST), Babu Kopparam
<babukopparam (at) gmail (dot) com [email concealed]> wrote:
>
>
> Hi! List,
>
> Probably i feel this doubt is related with basic knowledge.
>
> Whenever capturing the password, char[] is used instead of String object. What purpose does this solve.
> --- I am referring to JAVA.
>
> Thanks in advance,
> -Babu.
>
Strings in Java are immutable, meaning you cant change them. You can
only modify copies of the original. Because of this, if a password
was read into a String, you couldn't write over it to erase its
contents from memory. It would be at the mercy of the garbage
collector.
With a char [], you can overwrite the elements of the array and be
reasonably safe that the password is gone from memory.
Kevin
On Tue, 15 Feb 2005 07:28:08 -0800 (PST), Babu Kopparam
<babukopparam (at) gmail (dot) com [email concealed]> wrote:
>
>
> Hi! List,
>
> Probably i feel this doubt is related with basic knowledge.
>
> Whenever capturing the password, char[] is used instead of String object. What purpose does this solve.
> --- I am referring to JAVA.
>
> Thanks in advance,
> -Babu.
>
[ reply ]