I read several articles and posts about security regarding (note "Comparing input password to stored hashed password in a web app" or "Why is char[] preferred over String for passwords?").
Since retrieving a parameter value from the request uses request.getParameter("passwordFieldName"), which returns a String, is there any option to retrieve a parameter from the request as a char[]?
You can just use the String's method toCharArray to convert it into a char[]. See the docs for more info.
Unfortunately I know of no way.
The request parameters are already loaded, hopefully internally as reused byte[] or char[]. But then?
So maybe one should reimplement a bit of HTTP server? Not me.
You could on the client side split the password in more than one variable and encrypt them. Whether that is better?
If you do not trust your server platform, better use OpenID or another delegated authentication.
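
For the "reimplement a bit" idea above, an added sketch (not code from either answer) that reads a form-encoded body straight from the stream a servlet would get from request.getInputStream() and returns the field as a char[] without building a String from it. The helper name PasswordField.read is hypothetical. It assumes a UTF-8 application/x-www-form-urlencoded POST, that nothing has called getParameter on the request beforehand, and Java 9+ for the ranged Arrays.equals. The container's own network buffers are outside its control.

```java
import java.io.*;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PasswordField {
    // Hypothetical helper: extracts one form field as char[]; returns null if the field is absent.
    static char[] read(InputStream body, String field, int maxLen) throws IOException {
        byte[] raw = new byte[maxLen], val = new byte[maxLen];
        try {
            int n = 0, r;
            while (n < maxLen && (r = body.read(raw, n, maxLen - n)) > 0) n += r;
            if (n == maxLen && body.read() != -1) throw new IOException("body too large");
            byte[] key = (field + "=").getBytes(StandardCharsets.US_ASCII); // field name is not secret
            for (int start = 0; start < n; ) {
                int end = start;
                while (end < n && raw[end] != '&') end++;                   // one name=value pair
                if (end - start >= key.length
                        && Arrays.equals(raw, start, start + key.length, key, 0, key.length)) {
                    int len = 0;
                    for (int i = start + key.length; i < end; i++) {        // URL-decode in place
                        if (raw[i] == '+') val[len++] = ' ';
                        else if (raw[i] == '%') {
                            if (i + 2 >= end) throw new IOException("bad escape");
                            int hi = Character.digit(raw[i + 1], 16), lo = Character.digit(raw[i + 2], 16);
                            if ((hi | lo) < 0) throw new IOException("bad escape");
                            val[len++] = (byte) (hi << 4 | lo);
                            i += 2;
                        } else val[len++] = raw[i];
                    }
                    CharBuffer cb = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(val, 0, len));
                    char[] out = new char[cb.remaining()];
                    cb.get(out);
                    Arrays.fill(cb.array(), '\0');                          // wipe the decoder's copy
                    return out;
                }
                start = end + 1;
            }
            return null;
        } finally {
            Arrays.fill(raw, (byte) 0); Arrays.fill(val, (byte) 0);         // wipe both byte buffers
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample body; in a servlet the stream would be request.getInputStream().
        byte[] body = "user=alice&passwordFieldName=p%40ss+w%C3%B6rd".getBytes(StandardCharsets.US_ASCII);
        char[] pw = read(new ByteArrayInputStream(body), "passwordFieldName", 8192);
        System.out.println(pw.length + " chars read");
        Arrays.fill(pw, '\0'); // wipe as soon as the hash comparison is done
    }
}
```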