char[] or StringBuilder for passwords?
-
26-10-2019 - |
문제
So, because Strings are immutable, we use char[] instead of String to store passwords so that we can erase the characters when we're done with it. Is StringBuilder (or StringBuffer) as safe as a char[] in this case because one can change to value of the password to, say, ""?
해결책
No, because when you overflow the char[]
used by the StringBuilder
, it is replaced by a larger array, but the original array (with part of your password in it) remains in memory until it is garbage-collected.
제휴하지 않습니다 StackOverflow