char[] or StringBuilder for passwords?
https://stackoverflow.com/questions/7810342
-
26-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
So, because Strings are immutable, we use char[] instead of String to store passwords so that we can erase the characters when we're done with it. Is StringBuilder (or StringBuffer) as safe as a char[] in this case because one can change to value of the password to, say, ""?
Solution
No, because when you overflow the char[] used by the StringBuilder, it is replaced by a larger array, but the original array (with part of your password in it) remains in memory until it is garbage-collected.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
