Results 1 to 2 of 2

Why Char array is preferred over String for storing password?

This is a discussion on Why Char array is preferred over String for storing password? within the Programming forums, part of the Web Designing & Development category; Why Char array is preferred over String for storing password?...

  1. #1
    Senior Member
    Join Date
    Oct 2017
    Posts
    119

    Default Why Char array is preferred over String for storing password?

    Why Char array is preferred over String for storing password?

  2. #2
    Member
    Join Date
    Aug 2017
    Location
    India
    Posts
    74

    Default Re: Why Char array is preferred over String for storing password?

    Hello,

    String is immutable in Java. We cannot change the contents after usage. It means that we use a String object for storing passwords. We can't get the password free until the garbage collector clears it so there is main issue of security threat and accidently the password can also be printed in application logs.


    eg. String pwd="passwd@123";
    logger.info(pwd); //prints passwd@123


    So character array is prefered over String. Character Arrays are mutable Data Structure which is used to collect and store information. The password won't have any trace left anywhere in the application.


    eg. char[] chars=new char[] {'p', 'a', 's', 's', 'w', 'd', '@', '1', '2', '3');
    logger.info("Value: "+chars); //value :[c@123df]


    In above example the character wont print the contents of the array it memory address will get printed.




    So character array is more secure then the String object.