Why we read password from console in char array in

Published 2020-08-09 07:13

Question:


Possible Duplicate:
Why is char[] preferred over string for passwords?

When I was preparing for OCPJP I came across the topic "Reading User input from console".

There was an example where it read the username into a String reference, whereas the password went into a char[] array, but I couldn't understand why it used a char array. Here is the code:

Console console = System.console();

// Username is read as an ordinary String.
String username = console.readLine("User Name? ");
// Password is read into a char[] and echo is disabled.
char[] password = console.readPassword("Password? ");

This raised a doubt in my mind. Why didn't we use a String reference to store the password? Since Strings are immutable, it must be more secure to read the password into a String, as its content could not be changed for that matter.

So, what's the whole point in reading the password into a char[] array?

Can anyone shed some light in this matter?

Answer 1:

As you said, strings are immutable, meaning that once you've created the string, if another process can dump memory, there's no way (ok, maybe with reflection) you can get rid of the data before GC kicks in.

With an array, you can explicitly wipe the data after you're done with it: you can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.



Answer 2:

From the Javadoc of java.io.Console:

Security note: If an application needs to read a password or other secure data, it should use readPassword() or readPassword(String, Object...) and manually zero the returned character array after processing to minimize the lifetime of sensitive data in memory.

This is just to prevent other applications (like keyloggers, etc.) from accessing the password.

Moreover, if you use String, since they are immutable, modifying them would create copies in memory. Using char[] would save you in this case. As they are mutable, they won't create copies and you can make them null after processing.



Answer 3:

As strings are immutable, they cannot be overwritten and remain in memory while the application is active. A char array, on the other hand, can be cleared of all password information.



Answer 4:

I believe that it is so you can clear them from memory by overwriting them when you no longer need them. With Java at least, if you use String, then there may be copies leftover in memory.

If you overwrite the char array using a for loop and set each value to 0, I don't think there will be any leftover copies in memory.