Question

I have a process which needs to be run through Java and, unfortunately, the password needs to be given to the process in plain text.

Since the event is so transient and we are working behind massive firewalls, I am actually not worried about the password being transmitted to a subprocess like this. What I am a little worried about is that the Process and ProcessBuilder classes only take commands as String objects, not char[] arrays. So, I have to rely on the garbage collector to destroy the String objects at its discretion, allowing someone to possibly take a heap dump of my program later and get a password.

It's a remote possibility, but I am looking for:

  1. A better way to start a sub process that does not use String objects, but char[]
  2. A way to ensure a String object is properly destroyed after it is used.

(Just to note, due to how this process takes in commands, submitting the password with the initial command is the only way to interact with the sub-process -- see this: Java seems to be sending carriage returns to a sub-process? comments section in original post)

NOTE- The password is not going to the Main() function via the command line. The password is collected using a Swing JPasswordField, then written to the ProcessBuilder command array.

IDEA-- I wonder if there is a way through reflection to get the private final char[] value from the String and erase it?


Solution

I pursued my idea of using reflection to erase the String.value parameter manually as a means of object destruction. I think it will do!

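  // Needs: import java.lang.reflect.Field; import java.util.Arrays;
  private void destroyMe(String destroyMe) {
    try {
      Field f = String.class.getDeclaredField("value");
      f.setAccessible(true);
      // Overwrite the backing array in place. Assigning a new array to the
      // field would leave the original characters on the heap until GC.
      Object value = f.get(destroyMe);
      if (value instanceof char[]) {          // Java 8 and earlier
        Arrays.fill((char[]) value, '*');
      } else if (value instanceof byte[]) {   // Java 9+ compact strings
        Arrays.fill((byte[]) value, (byte) '*');
      }
      f.setAccessible(false);
    } catch (ReflectiveOperationException | RuntimeException e) {
      // Java 16+ throws InaccessibleObjectException from setAccessible unless
      // the JVM is started with --add-opens java.base/java.lang=ALL-UNNAMED.
      e.printStackTrace();
    }
  }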

OTHER TIPS

Putting the password on the command line is discouraged for security reasons.

If someone has access to your program to take a heap dump, then they can instead just do a 'ps' command and view the password directly. I am sure something similar exists in Windows.

If you were running on a Linux system, you might consider configuring sudo to allow your program to run the other program with elevated privileges.
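
An added example, not part of the original question or answers: where the child process can read its secret from standard input (the asker's process cannot), the password can stay in a char[] from JPasswordField.getPassword() and never appear in the argument list that 'ps' shows. The class name, the `runWithSecret` helper and the `cat` stand-in child are assumptions made for illustration.

```java
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class StdinSecret {

    /** Starts the child, writes the password to its stdin, wipes our copies, returns the exit code. */
    static int runWithSecret(char[] password, String... command) throws Exception {
        Process p = new ProcessBuilder(command)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD) // Java 9+; avoids a full-pipe stall
                .start();

        // Encode char[] -> bytes without ever building a String.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        try (OutputStream stdin = p.getOutputStream()) {
            stdin.write(encoded.array(),
                        encoded.arrayOffset() + encoded.position(),
                        encoded.remaining());
            stdin.write('\n'); // most prompts expect a terminating newline
        } finally {
            // Zero both buffers whether or not the write succeeded.
            Arrays.fill(encoded.array(), (byte) 0);
            Arrays.fill(password, '\0');
        }
        return p.waitFor();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value; real code would call JPasswordField.getPassword().
        char[] password = {'s', 'a', 'm', 'p', 'l', 'e'};
        int exit = runWithSecret(password, "cat"); // "cat" is a stand-in child that reads stdin
        System.out.println("exit=" + exit + ", wiped=" + (password[0] == '\0'));
    }
}
```

The JDK may still hold transient copies of the bytes (for example in the internal buffer of the stream returned by getOutputStream()), so this narrows the exposure window rather than eliminating it.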

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow