This question already has answers here:
Closed 7 years ago.
Possible Duplicate:
Why is char[] preferred over string for passwords?
When I was preparing for OCPJP
I came accross the topic - "Reading User input from console".
There was an example where it read username
in String
reference, whereas password
in a char[]
array, but I couldn't understand why it used char array.. Here is the code : -
Console console = System.console();
String username = console.readLine("User Name? ");
char[] password = console.readPassword("Password? ");
This raised a doubt in my mind.. Why didn't we used String reference to store password. Since Strings
are immutable, so it must be more secure to read password in a String, as its content could not be changed for that matter.
So, what's the whole point in reading password
in char[]
array..
Can anyone shed some light in this matter?
As you said, strings are immutable, meaning that once you've created the string, if another process can dump memory, there's no way (ok, may with reflection) you can get rid of the data before GC kicks in.
With an array, you can explicitly wipe the data after you're done with it: you can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.
From the Javadoc of java.io.Console:
Security note: If an application needs to read a password or other secure data,
it should use readPassword()
or readPassword(String, Object...)
and manually zero
the returned character array after processing to minimize the lifetime of
sensitive data in memory.
This is just to prevent other applications (like keyloggers etc., from accessing the password.
And moreover if you use String
, since they are immutable, modifying them would create copies in the memory. Using char[]
would save you in this case. As they are mutable, they won't create an copies and you can make them null after processing.
As strings are immutable, they cannot be overwritten and remain in memory while the application is active. A char
array, on the other hand can be cleared of all password information.
I believe that it is so you can clear them from memory by overwriting them when you no longer need them. With Java at least, if you use String, then there may be copies leftover in memory.
If you overwrite the char array using a for loop and set each value to 0, I don't think there will be any leftover copies in memory.